linux-mmc.vger.kernel.org archive mirror
* [PATCH v5 0/3] Replay Protected Memory Block (RPMB) subsystem
@ 2024-04-22  9:19 Jens Wiklander
  2024-04-22  9:19 ` [PATCH v5 1/3] rpmb: add " Jens Wiklander
                   ` (3 more replies)
  0 siblings, 4 replies; 26+ messages in thread
From: Jens Wiklander @ 2024-04-22  9:19 UTC (permalink / raw)
  To: linux-kernel, linux-mmc, op-tee
  Cc: Shyam Saini, Ulf Hansson, Linus Walleij, Jerome Forissier,
	Sumit Garg, Ilias Apalodimas, Bart Van Assche, Randy Dunlap,
	Ard Biesheuvel, Arnd Bergmann, Greg Kroah-Hartman,
	Jens Wiklander

Hi,

This patch set introduces a new RPMB subsystem, based on patches from [1],
[2], and [3]. The RPMB subsystem aims at providing access to RPMB
partitions to other kernel drivers, in particular the OP-TEE driver. A new
user space ABI isn't needed, we can instead continue using the already
present ABI when writing the RPMB key during production.

I've added and removed things to keep only what is needed by the OP-TEE
driver. Since the posting of [3], there have been major changes in the MMC
subsystem so "mmc: block: register RPMB partition with the RPMB subsystem"
is in practice completely rewritten.

With this OP-TEE can access RPMB during early boot instead of having to
wait for user space to become available as in the current design [4].
This will benefit the efi variables [5] since we won't rely on userspace as
well as some TPM issues [6] that were solved.

The OP-TEE driver finds the correct RPMB device to interact with by
iterating over available devices until one is found with a programmed
authentication matching the one OP-TEE is using. This enables coexisting
users of other RPMBs since the owner can be determined by who knows the
authentication key.

The corresponding secure world OP-TEE patches are available at [7].

I've put myself as a maintainer for the RPMB subsystem as I have an
interest in the OP-TEE driver to keep this in good shape. However, if you'd
rather see someone else taking the maintainership that's fine too. I'll
help keep the subsystem updated regardless.

[1] https://lore.kernel.org/lkml/20230722014037.42647-1-shyamsaini@linux.microsoft.com/
[2] https://lore.kernel.org/lkml/20220405093759.1126835-2-alex.bennee@linaro.org/
[3] https://lore.kernel.org/linux-mmc/1478548394-8184-2-git-send-email-tomas.winkler@intel.com/
[4] https://optee.readthedocs.io/en/latest/architecture/secure_storage.html#rpmb-secure-storage
[5] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c44b6be62e8dd4ee0a308c36a70620613e6fc55f
[6] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7269cba53d906cf257c139d3b3a53ad272176bca
[7] https://github.com/jenswi-linaro/optee_os/tree/rpmb_probe

Thanks,
Jens

Changes since v4:
* "rpmb: add Replay Protected Memory Block (RPMB) subsystem"
  - Describing struct rpmb_descr as RPMB description instead of descriptor
* "mmc: block: register RPMB partition with the RPMB subsystem"
  - Addressing review comments
  - Adding more comments for struct rpmb_frame
  - Fixing assignment of reliable_wr_count and capacity in mmc_blk_rpmb_add()
* "optee: probe RPMB device using RPMB subsystem"
  - Updating struct rpmb_dev_info to match changes in "rpmb: add Replay
    Protected Memory Block (RPMB) subsystem"

Changes since v3:
* Move struct rpmb_frame into the MMC driver since the format of the RPMB
  frames depends on the implementation, one format for eMMC, another for
  UFS, and so on
* "rpmb: add Replay Protected Memory Block (RPMB) subsystem"
  - Adding Reviewed-by: Linus Walleij <linus.walleij@linaro.org>
  - Adding more description of the API functions
  - Removing the set_dev_info() op from struct rpmb_ops, the needed information
    is supplied in the arguments to rpmb_dev_register() instead.
  - Getting rid of struct rpmb_ops since only the route_frames() op was
    remaining, store that op directly in struct rpmb_dev
  - Changed rpmb_interface_register() and rpmb_interface_unregister() to use
    notifier_block instead of implementing the same thing ourselves
* "mmc: block: register RPMB partition with the RPMB subsystem"
  - Moving the call to rpmb_dev_register() to be done at the end of
    mmc_blk_probe() when the device is fully available
* "optee: probe RPMB device using RPMB subsystem"
  - Use IS_REACHABLE(CONFIG_RPMB) to determine if the RPMB subsystem is
    available
  - Translate TEE_ERROR_STORAGE_NOT_AVAILABLE if encountered in get_devices()
    to recognize the error in optee_rpmb_scan()
  - Simplified optee_rpmb_scan() and optee_rpmb_intf_rdev()

Changes since v2:
* "rpmb: add Replay Protected Memory Block (RPMB) subsystem"
  - Fixing documentation issues
  - Adding a "depends on MMC" in the Kconfig
  - Removed the class-device and the embedded device, struct rpmb_dev now
    relies on the parent device for reference counting as requested
  - Removed the now unneeded rpmb_ops get_resources() and put_resources()
    since references are already taken in mmc_blk_alloc_rpmb_part() before
    rpmb_dev_register() is called
  - Added rpmb_interface_{,un}register() now that
    class_interface_{,un}register() can't be used any longer
* "mmc: block: register RPMB partition with the RPMB subsystem"
  - Adding the missing error cleanup in alloc_idata()
  - Taking the needed reference to md->disk in mmc_blk_alloc_rpmb_part()
    instead of in mmc_rpmb_chrdev_open() and rpmb_op_mmc_get_resources()
* "optee: probe RPMB device using RPMB subsystem"
  - Registering to get a notification when an RPMB device comes online
  - Probes for RPMB devices each time an RPMB device comes online, until
    a usable device is found
  - When a usable RPMB device is found, call
    optee_enumerate_devices(PTA_CMD_GET_DEVICES_RPMB)
  - Pass type of rpmb in return value from OPTEE_RPC_CMD_RPMB_PROBE_NEXT

Changes since Shyam's RFC:
* Removed the remaining leftover rpmb_cdev_*() function calls
* Refactored the struct rpmb_ops with all the previous ops replaced, in
  some sense closer to [3] with the route_frames() op
* Added rpmb_route_frames()
* Added struct rpmb_frame, enum rpmb_op_result, and enum rpmb_type from [3]
* Removed all functions not needed in the OP-TEE use case
* Added "mmc: block: register RPMB partition with the RPMB subsystem", based
  on the commit with the same name in [3]
* Added "optee: probe RPMB device using RPMB subsystem" for integration
  with OP-TEE
* Moved the RPMB driver into drivers/misc/rpmb-core.c
* Added my name to MODULE_AUTHOR() in rpmb-core.c
* Added an rpmb_mutex to serialize access to the IDA
* Removed the target parameter from all rpmb_*() functions since it's
  currently unused

Jens Wiklander (3):
  rpmb: add Replay Protected Memory Block (RPMB) subsystem
  mmc: block: register RPMB partition with the RPMB subsystem
  optee: probe RPMB device using RPMB subsystem

 MAINTAINERS                       |   7 +
 drivers/misc/Kconfig              |  10 ++
 drivers/misc/Makefile             |   1 +
 drivers/misc/rpmb-core.c          | 232 ++++++++++++++++++++++++++++
 drivers/mmc/core/block.c          | 241 +++++++++++++++++++++++++++++-
 drivers/tee/optee/core.c          |  30 ++++
 drivers/tee/optee/device.c        |   7 +
 drivers/tee/optee/ffa_abi.c       |   8 +
 drivers/tee/optee/optee_private.h |  21 ++-
 drivers/tee/optee/optee_rpc_cmd.h |  35 +++++
 drivers/tee/optee/rpc.c           | 232 ++++++++++++++++++++++++++++
 drivers/tee/optee/smc_abi.c       |   7 +
 include/linux/rpmb.h              | 136 +++++++++++++++++
 13 files changed, 964 insertions(+), 3 deletions(-)
 create mode 100644 drivers/misc/rpmb-core.c
 create mode 100644 include/linux/rpmb.h

-- 
2.34.1



* [PATCH v5 1/3] rpmb: add Replay Protected Memory Block (RPMB) subsystem
  2024-04-22  9:19 [PATCH v5 0/3] Replay Protected Memory Block (RPMB) subsystem Jens Wiklander
@ 2024-04-22  9:19 ` Jens Wiklander
  2024-04-25  8:37   ` Manuel Traut
  2024-04-22  9:19 ` [PATCH v5 2/3] mmc: block: register RPMB partition with the RPMB subsystem Jens Wiklander
                   ` (2 subsequent siblings)
  3 siblings, 1 reply; 26+ messages in thread
From: Jens Wiklander @ 2024-04-22  9:19 UTC (permalink / raw)
  To: linux-kernel, linux-mmc, op-tee
  Cc: Shyam Saini, Ulf Hansson, Linus Walleij, Jerome Forissier,
	Sumit Garg, Ilias Apalodimas, Bart Van Assche, Randy Dunlap,
	Ard Biesheuvel, Arnd Bergmann, Greg Kroah-Hartman,
	Jens Wiklander, Tomas Winkler, Alex Bennée

A number of storage technologies support a specialised hardware
partition designed to be resistant to replay attacks. The underlying
HW protocols differ but the operations are common. The RPMB partition
cannot be accessed via standard block layer, but by a set of specific
RPMB commands. Such a partition provides authenticated and replay
protected access, hence suitable as a secure storage.

The initial aim of this patch is to provide a simple RPMB driver
interface which can be accessed by the optee driver to facilitate early
RPMB access to OP-TEE OS (secure OS) during the boot time.

A TEE device driver can claim the RPMB interface, for example, via
rpmb_interface_register() or rpmb_dev_find_device(). The RPMB driver
provides a callback to route RPMB frames to the RPMB device accessible
via rpmb_route_frames().

The detailed operation of implementing the access is left to the TEE
device driver itself.

Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Shyam Saini <shyamsaini@linux.microsoft.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Linus Walleij <linus.walleij@linaro.org>
---
 MAINTAINERS              |   7 ++
 drivers/misc/Kconfig     |  10 ++
 drivers/misc/Makefile    |   1 +
 drivers/misc/rpmb-core.c | 232 +++++++++++++++++++++++++++++++++++++++
 include/linux/rpmb.h     | 136 +++++++++++++++++++++++
 5 files changed, 386 insertions(+)
 create mode 100644 drivers/misc/rpmb-core.c
 create mode 100644 include/linux/rpmb.h

diff --git a/MAINTAINERS b/MAINTAINERS
index 8999497011a2..e83152c42499 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -19012,6 +19012,13 @@ T:	git git://linuxtv.org/media_tree.git
 F:	Documentation/devicetree/bindings/media/allwinner,sun8i-a83t-de2-rotate.yaml
 F:	drivers/media/platform/sunxi/sun8i-rotate/
 
+RPMB SUBSYSTEM
+M:	Jens Wiklander <jens.wiklander@linaro.org>
+L:	linux-kernel@vger.kernel.org
+S:	Supported
+F:	drivers/misc/rpmb-core.c
+F:	include/linux/rpmb.h
+
 RPMSG TTY DRIVER
 M:	Arnaud Pouliquen <arnaud.pouliquen@foss.st.com>
 L:	linux-remoteproc@vger.kernel.org
diff --git a/drivers/misc/Kconfig b/drivers/misc/Kconfig
index 4fb291f0bf7c..dbff9e8c3a03 100644
--- a/drivers/misc/Kconfig
+++ b/drivers/misc/Kconfig
@@ -104,6 +104,16 @@ config PHANTOM
 	  If you choose to build module, its name will be phantom. If unsure,
 	  say N here.
 
+config RPMB
+	tristate "RPMB partition interface"
+	depends on MMC
+	help
+	  Unified RPMB unit interface for RPMB capable devices such as eMMC and
+	  UFS. Provides interface for in-kernel security controllers to access
+	  RPMB unit.
+
+	  If unsure, select N.
+
 config TIFM_CORE
 	tristate "TI Flash Media interface support"
 	depends on PCI
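
Review bot: In the new `config RPMB` entry, `depends on MMC` does not match the help text, which describes a unified interface for "eMMC and UFS". Either narrow the help text to eMMC until a second provider exists, or state in the help why the core is tied to MMC, so that someone enabling UFS RPMB later is not surprised that the symbol is hidden. Kconfig help text also conventionally reads "say N" rather than "select N".
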
diff --git a/drivers/misc/Makefile b/drivers/misc/Makefile
index ea6ea5bbbc9c..8af058ad1df4 100644
--- a/drivers/misc/Makefile
+++ b/drivers/misc/Makefile
@@ -15,6 +15,7 @@ obj-$(CONFIG_LKDTM)		+= lkdtm/
 obj-$(CONFIG_TIFM_CORE)       	+= tifm_core.o
 obj-$(CONFIG_TIFM_7XX1)       	+= tifm_7xx1.o
 obj-$(CONFIG_PHANTOM)		+= phantom.o
+obj-$(CONFIG_RPMB)		+= rpmb-core.o
 obj-$(CONFIG_QCOM_COINCELL)	+= qcom-coincell.o
 obj-$(CONFIG_QCOM_FASTRPC)	+= fastrpc.o
 obj-$(CONFIG_SENSORS_BH1770)	+= bh1770glc.o
diff --git a/drivers/misc/rpmb-core.c b/drivers/misc/rpmb-core.c
new file mode 100644
index 000000000000..5479469c26f3
--- /dev/null
+++ b/drivers/misc/rpmb-core.c
@@ -0,0 +1,232 @@
+// SPDX-License-Identifier: GPL-2.0
+/*
+ * Copyright(c) 2015 - 2019 Intel Corporation. All rights reserved.
+ * Copyright(c) 2021 - 2024 Linaro Ltd.
+ */
+#include <linux/device.h>
+#include <linux/init.h>
+#include <linux/kernel.h>
+#include <linux/list.h>
+#include <linux/module.h>
+#include <linux/mutex.h>
+#include <linux/rpmb.h>
+#include <linux/slab.h>
+
+static struct list_head rpmb_dev_list;
+static DEFINE_MUTEX(rpmb_mutex);
+static struct blocking_notifier_head rpmb_interface =
+	BLOCKING_NOTIFIER_INIT(rpmb_interface);
+
+/**
+ * rpmb_dev_get() - increase rpmb device ref counter
+ * @rdev: rpmb device
+ */
+struct rpmb_dev *rpmb_dev_get(struct rpmb_dev *rdev)
+{
+	if (rdev)
+		get_device(rdev->parent_dev);
+	return rdev;
+}
+EXPORT_SYMBOL_GPL(rpmb_dev_get);
+
+/**
+ * rpmb_dev_put() - decrease rpmb device ref counter
+ * @rdev: rpmb device
+ */
+void rpmb_dev_put(struct rpmb_dev *rdev)
+{
+	if (rdev)
+		put_device(rdev->parent_dev);
+}
+EXPORT_SYMBOL_GPL(rpmb_dev_put);
+
+/**
+ * rpmb_route_frames() - route rpmb frames to rpmb device
+ * @rdev:	rpmb device
+ * @req:	rpmb request frames
+ * @req_len:	length of rpmb request frames in bytes
+ * @rsp:	rpmb response frames
+ * @rsp_len:	length of rpmb response frames in bytes
+ *
+ * Returns: < 0 on failure
+ */
+int rpmb_route_frames(struct rpmb_dev *rdev, u8 *req,
+		      unsigned int req_len, u8 *rsp, unsigned int rsp_len)
+{
+	if (!req || !req_len || !rsp || !rsp_len)
+		return -EINVAL;
+
+	return rdev->descr.route_frames(rdev->parent_dev, req, req_len,
+					rsp, rsp_len);
+}
+EXPORT_SYMBOL_GPL(rpmb_route_frames);
+
+/**
+ * rpmb_dev_find_device() - return first matching rpmb device
+ * @data: data for the match function
+ * @match: the matching function
+ *
+ * Iterate over registered RPMB devices, and call @match() for each passing
+ * it the RPMB device and @data.
+ *
+ * The return value of @match() is checked for each call. If it returns
+ * anything other 0, break and return the found RPMB device.
+ *
+ * It's the callers responsibility to call rpmb_dev_put() on the returned
+ * device, when it's done with it.
+ *
+ * Returns: a matching rpmb device or NULL on failure
+ */
+struct rpmb_dev *rpmb_dev_find_device(const void *data,
+				      const struct rpmb_dev *start,
+				      int (*match)(struct rpmb_dev *rdev,
+						   const void *data))
+{
+	struct rpmb_dev *rdev;
+	struct list_head *pos;
+
+	mutex_lock(&rpmb_mutex);
+	if (start)
+		pos = start->list_node.next;
+	else
+		pos = rpmb_dev_list.next;
+
+	while (pos != &rpmb_dev_list) {
+		rdev = container_of(pos, struct rpmb_dev, list_node);
+		if (match(rdev, data)) {
+			rpmb_dev_get(rdev);
+			goto out;
+		}
+		pos = pos->next;
+	}
+	rdev = NULL;
+
+out:
+	mutex_unlock(&rpmb_mutex);
+
+	return rdev;
+}
+
+/**
+ * rpmb_dev_unregister() - unregister RPMB partition from the RPMB subsystem
+ * @rdev: the rpmb device to unregister
+ *
+ * This function should be called from the release function of the
+ * underlying device used when the RPMB device was registered.
+ *
+ * Returns: < 0 on failure
+ */
+int rpmb_dev_unregister(struct rpmb_dev *rdev)
+{
+	if (!rdev)
+		return -EINVAL;
+
+	mutex_lock(&rpmb_mutex);
+	list_del(&rdev->list_node);
+	mutex_unlock(&rpmb_mutex);
+	kfree(rdev->descr.dev_id);
+	kfree(rdev);
+
+	return 0;
+}
+EXPORT_SYMBOL_GPL(rpmb_dev_unregister);
+
+/**
+ * rpmb_dev_register - register RPMB partition with the RPMB subsystem
+ * @dev: storage device of the rpmb device
+ * @ops: device specific operations
+ *
+ * While registering the RPMB partition extract needed device information
+ * while needed resources are available.
+ *
+ * Returns: a pointer to a 'struct rpmb_dev' or an ERR_PTR on failure
+ */
+struct rpmb_dev *rpmb_dev_register(struct device *dev,
+				   struct rpmb_descr *descr)
+{
+	struct rpmb_dev *rdev;
+
+	if (!dev || !descr || !descr->route_frames || !descr->dev_id ||
+	    !descr->dev_id_len)
+		return ERR_PTR(-EINVAL);
+
+	rdev = kzalloc(sizeof(*rdev), GFP_KERNEL);
+	if (!rdev)
+		return ERR_PTR(-ENOMEM);
+	rdev->descr = *descr;
+	rdev->descr.dev_id = kmemdup(descr->dev_id, descr->dev_id_len,
+				     GFP_KERNEL);
+	if (!rdev->descr.dev_id) {
+		kfree(rdev);
+		return ERR_PTR(-ENOMEM);
+	}
+
+	rdev->parent_dev = dev;
+
+	dev_dbg(rdev->parent_dev, "registered device\n");
+
+	mutex_lock(&rpmb_mutex);
+	list_add_tail(&rdev->list_node, &rpmb_dev_list);
+	blocking_notifier_call_chain(&rpmb_interface, RPMB_NOTIFY_ADD_DEVICE,
+				     rdev);
+	mutex_unlock(&rpmb_mutex);
+
+	return rdev;
+}
+EXPORT_SYMBOL_GPL(rpmb_dev_register);
+
+/**
+ * rpmb_interface_register() - register for new device notifications
+ *
+ * @nb : New entry in notifier chain
+ *
+ * Returns: 0 on success  -EEXIST on error.
+ */
+int rpmb_interface_register(struct notifier_block *nb)
+{
+	struct rpmb_dev *rdev;
+	int ret;
+
+	ret = blocking_notifier_chain_register(&rpmb_interface, nb);
+	if (ret)
+		return ret;
+
+	mutex_lock(&rpmb_mutex);
+	list_for_each_entry(rdev, &rpmb_dev_list, list_node)
+		nb->notifier_call(nb, RPMB_NOTIFY_ADD_DEVICE, rdev);
+	mutex_unlock(&rpmb_mutex);
+
+	return 0;
+}
+EXPORT_SYMBOL_GPL(rpmb_interface_register);
+
+/**
+ * rpmb_interface_unregister() - unregister from new device notifications
+ *
+ * @nb : Entry to remove from notifier chain
+ *
+ * Returns: 0 on success or -ENOENT on failure.
+ */
+int rpmb_interface_unregister(struct notifier_block *nb)
+{
+	return blocking_notifier_chain_unregister(&rpmb_interface, nb);
+}
+EXPORT_SYMBOL_GPL(rpmb_interface_unregister);
+
+static int __init rpmb_init(void)
+{
+	INIT_LIST_HEAD(&rpmb_dev_list);
+	return 0;
+}
+
+static void __exit rpmb_exit(void)
+{
+	mutex_destroy(&rpmb_mutex);
+}
+
+subsys_initcall(rpmb_init);
+module_exit(rpmb_exit);
+
+MODULE_AUTHOR("Jens Wiklander <jens.wiklander@linaro.org>");
+MODULE_DESCRIPTION("RPMB class");
+MODULE_LICENSE("GPL");
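
Review bot: rpmb_dev_find_device() is the only public function in this file without an EXPORT_SYMBOL_GPL(), and its kernel-doc does not describe the @start parameter; with RPMB declared tristate, a modular caller (or a modular rpmb-core with another module using it) cannot link against it. Please add the export and document @start, including that the caller must still hold its reference on @start, since `start->list_node.next` is dereferenced. Three smaller points in the same file: rpmb_route_frames() rejects NULL or zero-length req/rsp but dereferences rdev without a check; the kernel-doc for rpmb_dev_register() documents @ops while the parameter is descr; and both rpmb_dev_register() and rpmb_interface_register() invoke the notifier callback with rpmb_mutex held, so a callback that calls rpmb_dev_find_device() would deadlock on the same mutex. Either document that restriction or invoke the chain after dropping the lock. The comment "anything other 0" should read "anything other than 0", and MODULE_DESCRIPTION still says "RPMB class" although the changelog states the class device was removed.
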
diff --git a/include/linux/rpmb.h b/include/linux/rpmb.h
new file mode 100644
index 000000000000..3ced206fdc17
--- /dev/null
+++ b/include/linux/rpmb.h
@@ -0,0 +1,136 @@
+/* SPDX-License-Identifier: BSD-3-Clause OR GPL-2.0 */
+/*
+ * Copyright (C) 2015-2019 Intel Corp. All rights reserved
+ * Copyright (C) 2021-2022 Linaro Ltd
+ */
+#ifndef __RPMB_H__
+#define __RPMB_H__
+
+#include <linux/types.h>
+#include <linux/device.h>
+#include <linux/notifier.h>
+
+/**
+ * enum rpmb_type - type of underlying storage technology
+ *
+ * @RPMB_TYPE_EMMC  : emmc (JESD84-B50.1)
+ * @RPMB_TYPE_UFS   : UFS (JESD220)
+ * @RPMB_TYPE_NVME  : NVM Express
+ */
+enum rpmb_type {
+	RPMB_TYPE_EMMC,
+	RPMB_TYPE_UFS,
+	RPMB_TYPE_NVME,
+};
+
+/**
+ * struct rpmb_descr - RPMB description provided by the underlying block device
+ *
+ * @type             : block device type
+ * @route_frames     : routes frames to and from the RPMB device
+ * @dev_id           : unique device identifier read from the hardware
+ * @dev_id_len       : length of unique device identifier
+ * @reliable_wr_count: number of sectors that can be written in one access
+ * @capacity         : capacity of the device in units of 128K
+ *
+ * @dev_id is intended to be used as input when deriving the authenticaion key.
+ */
+struct rpmb_descr {
+	enum rpmb_type type;
+	int (*route_frames)(struct device *dev, u8 *req, unsigned int req_len,
+			    u8 *resp, unsigned int resp_len);
+	u8 *dev_id;
+	size_t dev_id_len;
+	u16 reliable_wr_count;
+	u16 capacity;
+};
+
+/**
+ * struct rpmb_dev - device which can support RPMB partition
+ *
+ * @parent_dev       : parent device
+ * @list_node        : linked list node
+ * @descr            : RPMB description
+ */
+struct rpmb_dev {
+	struct device *parent_dev;
+	struct list_head list_node;
+	struct rpmb_descr descr;
+};
+
+enum rpmb_interface_action {
+	RPMB_NOTIFY_ADD_DEVICE,
+};
+
+/**
+ * struct rpmb_interface - subscribe to new RPMB devices
+ *
+ * @list_node     : linked list node
+ * @add_rdev      : notifies that a new RPMB device has been found
+ */
+struct rpmb_interface {
+	struct list_head list_node;
+	void (*add_rdev)(struct rpmb_interface *intf, struct rpmb_dev *rdev);
+};
+
+#if IS_ENABLED(CONFIG_RPMB)
+struct rpmb_dev *rpmb_dev_get(struct rpmb_dev *rdev);
+void rpmb_dev_put(struct rpmb_dev *rdev);
+struct rpmb_dev *rpmb_dev_find_device(const void *data,
+				      const struct rpmb_dev *start,
+				      int (*match)(struct rpmb_dev *rdev,
+						   const void *data));
+struct rpmb_dev *rpmb_dev_register(struct device *dev,
+				   struct rpmb_descr *descr);
+int rpmb_dev_unregister(struct rpmb_dev *rdev);
+
+int rpmb_route_frames(struct rpmb_dev *rdev, u8 *req,
+		      unsigned int req_len, u8 *resp, unsigned int resp_len);
+
+int rpmb_interface_register(struct notifier_block *nb);
+int rpmb_interface_unregister(struct notifier_block *nb);
+#else
+static inline struct rpmb_dev *rpmb_dev_get(struct rpmb_dev *rdev)
+{
+	return NULL;
+}
+
+static inline void rpmb_dev_put(struct rpmb_dev *rdev) { }
+
+static inline struct rpmb_dev *
+rpmb_dev_find_device(const void *data, const struct rpmb_dev *start,
+		     int (*match)(struct rpmb_dev *rdev, const void *data))
+{
+	return NULL;
+}
+
+static inline struct rpmb_dev *
+rpmb_dev_register(struct device *dev, const struct rpmb_ops *ops)
+{
+	return NULL;
+}
+
+static inline int rpmb_dev_unregister(struct rpmb_dev *dev)
+{
+	return 0;
+}
+
+static inline int rpmb_route_frames(struct rpmb_dev *rdev, u8 *req,
+				    unsigned int req_len, u8 *resp,
+				    unsigned int resp_len)
+{
+	return -EOPNOTSUPP;
+}
+
+static inline int rpmb_interface_register(struct notifier_block *nb)
+{
+	return -EOPNOTSUPP;
+}
+
+static inline int rpmb_interface_unregister(struct notifier_block *nb)
+{
+	return -EOPNOTSUPP;
+}
+#endif /* CONFIG_RPMB */
+
+#endif /* __RPMB_H__ */
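
Review bot: In the #else branch, the rpmb_dev_register() stub takes `const struct rpmb_ops *ops`, a type this header never declares, while the real prototype above takes `struct rpmb_descr *descr`; a caller built with CONFIG_RPMB disabled will fail to compile or warn on the pointer type. Make the stub signature identical to the real one, and consider returning an ERR_PTR() from it, because the real function documents "an ERR_PTR on failure" and callers testing IS_ERR() will treat the stub's NULL as success. The guard is `IS_ENABLED(CONFIG_RPMB)` on a tristate symbol, so a built-in user with RPMB=m sees the prototypes but has no symbols to link against; IS_REACHABLE() in the header, or a Kconfig dependency on the consumers, avoids that. struct rpmb_interface and its add_rdev() callback look like leftovers now that registration uses a notifier_block, and "authenticaion" in the struct rpmb_descr comment is a typo.
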
-- 
2.34.1



* [PATCH v5 2/3] mmc: block: register RPMB partition with the RPMB subsystem
  2024-04-22  9:19 [PATCH v5 0/3] Replay Protected Memory Block (RPMB) subsystem Jens Wiklander
  2024-04-22  9:19 ` [PATCH v5 1/3] rpmb: add " Jens Wiklander
@ 2024-04-22  9:19 ` Jens Wiklander
  2024-04-25  8:42   ` Manuel Traut
  2024-04-22  9:19 ` [PATCH v5 3/3] optee: probe RPMB device using " Jens Wiklander
  2024-04-23  6:42 ` [PATCH v5 0/3] Replay Protected Memory Block (RPMB) subsystem Avri Altman
  3 siblings, 1 reply; 26+ messages in thread
From: Jens Wiklander @ 2024-04-22  9:19 UTC (permalink / raw)
  To: linux-kernel, linux-mmc, op-tee
  Cc: Shyam Saini, Ulf Hansson, Linus Walleij, Jerome Forissier,
	Sumit Garg, Ilias Apalodimas, Bart Van Assche, Randy Dunlap,
	Ard Biesheuvel, Arnd Bergmann, Greg Kroah-Hartman,
	Jens Wiklander, Tomas Winkler, Alexander Usyskin

Register eMMC RPMB partition with the RPMB subsystem and provide
an implementation for the RPMB access operations abstracting
the actual multi step process.

Add a callback to extract the needed device information at registration
to avoid accessing the struct mmc_card at a later stage as we're not
holding a reference counter for this struct.

Taking the needed reference to md->disk in mmc_blk_alloc_rpmb_part()
instead of in mmc_rpmb_chrdev_open(). This is needed by the
route_frames() function pointer in struct rpmb_ops.

Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
Signed-off-by: Alexander Usyskin <alexander.usyskin@intel.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
---
 drivers/mmc/core/block.c | 241 ++++++++++++++++++++++++++++++++++++++-
 1 file changed, 239 insertions(+), 2 deletions(-)

diff --git a/drivers/mmc/core/block.c b/drivers/mmc/core/block.c
index 32d49100dff5..a7f126fbc605 100644
--- a/drivers/mmc/core/block.c
+++ b/drivers/mmc/core/block.c
@@ -33,6 +33,7 @@
 #include <linux/cdev.h>
 #include <linux/mutex.h>
 #include <linux/scatterlist.h>
+#include <linux/string.h>
 #include <linux/string_helpers.h>
 #include <linux/delay.h>
 #include <linux/capability.h>
@@ -40,6 +41,7 @@
 #include <linux/pm_runtime.h>
 #include <linux/idr.h>
 #include <linux/debugfs.h>
+#include <linux/rpmb.h>
 
 #include <linux/mmc/ioctl.h>
 #include <linux/mmc/card.h>
@@ -76,6 +78,48 @@ MODULE_ALIAS("mmc:block");
 #define MMC_EXTRACT_INDEX_FROM_ARG(x) ((x & 0x00FF0000) >> 16)
 #define MMC_EXTRACT_VALUE_FROM_ARG(x) ((x & 0x0000FF00) >> 8)
 
+/**
+ * struct rpmb_frame - rpmb frame as defined by eMMC 5.1 (JESD84-B51)
+ *
+ * @stuff        : stuff bytes
+ * @key_mac      : The authentication key or the message authentication
+ *                 code (MAC) depending on the request/response type.
+ *                 The MAC will be delivered in the last (or the only)
+ *                 block of data.
+ * @data         : Data to be written or read by signed access.
+ * @nonce        : Random number generated by the host for the requests
+ *                 and copied to the response by the RPMB engine.
+ * @write_counter: Counter value for the total amount of the successful
+ *                 authenticated data write requests made by the host.
+ * @addr         : Address of the data to be programmed to or read
+ *                 from the RPMB. Address is the serial number of
+ *                 the accessed block (half sector 256B).
+ * @block_count  : Number of blocks (half sectors, 256B) requested to be
+ *                 read/programmed.
+ * @result       : Includes information about the status of the write counter
+ *                 (valid, expired) and result of the access made to the RPMB.
+ * @req_resp     : Defines the type of request and response to/from the memory.
+ *
+ * The stuff bytes and big-endian properties are modeled to fit to the spec.
+ */
+struct rpmb_frame {
+	u8     stuff[196];
+	u8     key_mac[32];
+	u8     data[256];
+	u8     nonce[16];
+	__be32 write_counter;
+	__be16 addr;
+	__be16 block_count;
+	__be16 result;
+	__be16 req_resp;
+} __packed;
+
+#define RPMB_PROGRAM_KEY       0x1    /* Program RPMB Authentication Key */
+#define RPMB_GET_WRITE_COUNTER 0x2    /* Read RPMB write counter */
+#define RPMB_WRITE_DATA        0x3    /* Write data to RPMB partition */
+#define RPMB_READ_DATA         0x4    /* Read data from RPMB partition */
+#define RPMB_RESULT_READ       0x5    /* Read result request  (Internal) */
+
 static DEFINE_MUTEX(block_mutex);
 
 /*
@@ -163,6 +207,7 @@ struct mmc_rpmb_data {
 	int id;
 	unsigned int part_index;
 	struct mmc_blk_data *md;
+	struct rpmb_dev *rdev;
 	struct list_head node;
 };
 
@@ -2672,7 +2717,6 @@ static int mmc_rpmb_chrdev_open(struct inode *inode, struct file *filp)
 
 	get_device(&rpmb->dev);
 	filp->private_data = rpmb;
-	mmc_blk_get(rpmb->md->disk);
 
 	return nonseekable_open(inode, filp);
 }
@@ -2682,7 +2726,6 @@ static int mmc_rpmb_chrdev_release(struct inode *inode, struct file *filp)
 	struct mmc_rpmb_data *rpmb = container_of(inode->i_cdev,
 						  struct mmc_rpmb_data, chrdev);
 
-	mmc_blk_put(rpmb->md);
 	put_device(&rpmb->dev);
 
 	return 0;
@@ -2703,10 +2746,165 @@ static void mmc_blk_rpmb_device_release(struct device *dev)
 {
 	struct mmc_rpmb_data *rpmb = dev_get_drvdata(dev);
 
+	rpmb_dev_unregister(rpmb->rdev);
+	mmc_blk_put(rpmb->md);
 	ida_simple_remove(&mmc_rpmb_ida, rpmb->id);
 	kfree(rpmb);
 }
 
+static void free_idata(struct mmc_blk_ioc_data **idata, unsigned int cmd_count)
+{
+	unsigned int n;
+
+	for (n = 0; n < cmd_count; n++)
+		kfree(idata[n]);
+	kfree(idata);
+}
+
+static struct mmc_blk_ioc_data **alloc_idata(struct mmc_rpmb_data *rpmb,
+					     unsigned int cmd_count)
+{
+	struct mmc_blk_ioc_data **idata;
+	unsigned int n;
+
+	idata = kcalloc(cmd_count, sizeof(*idata), GFP_KERNEL);
+	if (!idata)
+		return NULL;
+
+	for (n = 0; n < cmd_count; n++) {
+		idata[n] = kcalloc(1, sizeof(**idata), GFP_KERNEL);
+		if (!idata[n]) {
+			free_idata(idata, n);
+			return NULL;
+		}
+		idata[n]->rpmb = rpmb;
+	}
+
+	return idata;
+}
+
+static void set_idata(struct mmc_blk_ioc_data *idata, u32 opcode,
+		      int write_flag, u8 *buf, unsigned int buf_bytes)
+{
+	/*
+	 * The size of an RPMB frame must match what's expected by the
+	 * hardware.
+	 */
+	BUILD_BUG_ON(sizeof(struct rpmb_frame) != 512);
+
+	idata->ic.opcode = opcode;
+	idata->ic.flags = MMC_RSP_R1 | MMC_CMD_ADTC;
+	idata->ic.write_flag = write_flag;
+	idata->ic.blksz = sizeof(struct rpmb_frame);
+	idata->ic.blocks = buf_bytes /  idata->ic.blksz;
+	idata->buf = buf;
+	idata->buf_bytes = buf_bytes;
+}
+
+static int mmc_route_rpmb_frames(struct device *dev, u8 *req,
+				 unsigned int req_len, u8 *resp,
+				 unsigned int resp_len)
+{
+	struct rpmb_frame *frm = (struct rpmb_frame *)req;
+	struct mmc_rpmb_data *rpmb = dev_get_drvdata(dev);
+	struct mmc_blk_data *md = rpmb->md;
+	struct mmc_blk_ioc_data **idata;
+	struct mmc_queue_req *mq_rq;
+	unsigned int cmd_count;
+	struct request *rq;
+	u16 req_type;
+	bool write;
+	int ret;
+
+	if (IS_ERR(md->queue.card))
+		return PTR_ERR(md->queue.card);
+
+	if (req_len < sizeof(*frm))
+		return -EINVAL;
+
+	req_type = be16_to_cpu(frm->req_resp);
+	switch (req_type) {
+	case RPMB_PROGRAM_KEY:
+		if (req_len != sizeof(struct rpmb_frame) ||
+		    resp_len != sizeof(struct rpmb_frame))
+			return -EINVAL;
+		write = true;
+		break;
+	case RPMB_GET_WRITE_COUNTER:
+		if (req_len != sizeof(struct rpmb_frame) ||
+		    resp_len != sizeof(struct rpmb_frame))
+			return -EINVAL;
+		write = false;
+		break;
+	case RPMB_WRITE_DATA:
+		if (req_len % sizeof(struct rpmb_frame) ||
+		    resp_len != sizeof(struct rpmb_frame))
+			return -EINVAL;
+		write = true;
+		break;
+	case RPMB_READ_DATA:
+		if (req_len != sizeof(struct rpmb_frame) ||
+		    resp_len % sizeof(struct rpmb_frame))
+			return -EINVAL;
+		write = false;
+		break;
+	default:
+		return -EINVAL;
+	}
+
+	if (write)
+		cmd_count = 3;
+	else
+		cmd_count = 2;
+
+	idata = alloc_idata(rpmb, cmd_count);
+	if (!idata)
+		return -ENOMEM;
+
+	if (write) {
+		struct rpmb_frame *frm = (struct rpmb_frame *)resp;
+
+		/* Send write request frame(s) */
+		set_idata(idata[0], MMC_WRITE_MULTIPLE_BLOCK,
+			  1 | MMC_CMD23_ARG_REL_WR, req, req_len);
+
+		/* Send result request frame */
+		memset(frm, 0, sizeof(*frm));
+		frm->req_resp = cpu_to_be16(RPMB_RESULT_READ);
+		set_idata(idata[1], MMC_WRITE_MULTIPLE_BLOCK, 1, resp,
+			  resp_len);
+
+		/* Read response frame */
+		set_idata(idata[2], MMC_READ_MULTIPLE_BLOCK, 0, resp, resp_len);
+	} else {
+		/* Send write request frame(s) */
+		set_idata(idata[0], MMC_WRITE_MULTIPLE_BLOCK, 1, req, req_len);
+
+		/* Read response frame */
+		set_idata(idata[1], MMC_READ_MULTIPLE_BLOCK, 0, resp, resp_len);
+	}
+
+	rq = blk_mq_alloc_request(md->queue.queue, REQ_OP_DRV_OUT, 0);
+	if (IS_ERR(rq)) {
+		ret = PTR_ERR(rq);
+		goto out;
+	}
+
+	mq_rq = req_to_mmc_queue_req(rq);
+	mq_rq->drv_op = MMC_DRV_OP_IOCTL_RPMB;
+	mq_rq->drv_op_result = -EIO;
+	mq_rq->drv_op_data = idata;
+	mq_rq->ioc_count = cmd_count;
+	blk_execute_rq(rq, false);
+	ret = req_to_mmc_queue_req(rq)->drv_op_result;
+
+	blk_mq_free_request(rq);
+
+out:
+	free_idata(idata, cmd_count);
+	return ret;
+}
+
 static int mmc_blk_alloc_rpmb_part(struct mmc_card *card,
 				   struct mmc_blk_data *md,
 				   unsigned int part_index,
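
Review bot: In mmc_route_rpmb_frames(), the RPMB_READ_DATA case validates the response buffer only with `resp_len % sizeof(struct rpmb_frame)`, so resp_len == 0 is accepted and set_idata() then programs `ic.blocks = 0` for the read. The request side is covered by the earlier `req_len < sizeof(*frm)` test, but the response side has no lower bound in this function, and relying on rpmb_route_frames() to reject it leaves the callback unsafe for any other caller; please add an explicit `resp_len < sizeof(struct rpmb_frame)` check, and consider an upper bound on req_len and resp_len since both are turned directly into block counts. Inside `if (write)`, the local `struct rpmb_frame *frm` shadows the function-scope frm that points at req; a distinct name would make it obvious that the memset() clears the response buffer. The first comment in the else branch says "Send write request frame(s)" although that path handles read and counter requests.
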
@@ -2741,6 +2939,7 @@ static int mmc_blk_alloc_rpmb_part(struct mmc_card *card,
 	rpmb->dev.release = mmc_blk_rpmb_device_release;
 	device_initialize(&rpmb->dev);
 	dev_set_drvdata(&rpmb->dev, rpmb);
+	mmc_blk_get(md->disk);
 	rpmb->md = md;
 
 	cdev_init(&rpmb->chrdev, &mmc_rpmb_fileops);
@@ -3002,6 +3201,42 @@ static void mmc_blk_remove_debugfs(struct mmc_card *card,
 
 #endif /* CONFIG_DEBUG_FS */
 
+static void mmc_blk_rpmb_add(struct mmc_card *card)
+{
+	struct mmc_blk_data *md = dev_get_drvdata(&card->dev);
+	struct mmc_rpmb_data *rpmb;
+	struct rpmb_dev *rdev;
+	unsigned int n;
+	u32 cid[4];
+	struct rpmb_descr descr = {
+		.type = RPMB_TYPE_EMMC,
+		.route_frames = mmc_route_rpmb_frames,
+		.reliable_wr_count = card->ext_csd.enhanced_rpmb_supported ?
+				     2 : 32,
+		.capacity = card->ext_csd.raw_rpmb_size_mult,
+		.dev_id = (void *)cid,
+		.dev_id_len = sizeof(cid),
+	};
+
+	/*
+	 * Provice CID as an octet array. The CID needs to be interpreted
+	 * when used as input to derive the RPMB key since some fields
+	 * will change due to firmware updates.
+	 */
+	for (n = 0; n < 4; n++)
+		cid[n] = be32_to_cpu(card->raw_cid[n]);
+
+	list_for_each_entry(rpmb, &md->rpmbs, node) {
+		rdev = rpmb_dev_register(&rpmb->dev, &descr);
+		if (IS_ERR(rdev)) {
+			pr_warn("%s: could not register RPMB device\n",
+				dev_name(&rpmb->dev));
+			continue;
+		}
+		rpmb->rdev = rdev;
+	}
+}
+
 static int mmc_blk_probe(struct mmc_card *card)
 {
 	struct mmc_blk_data *md;
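
Review bot: In mmc_blk_rpmb_add() the loop "cid[n] = be32_to_cpu(card->raw_cid[n]);" reads backwards for what the comment describes. card->raw_cid is a plain u32 array, and turning it into an octet array means converting to big-endian, so this wants cpu_to_be32() into a __be32 cid[4]; the resulting bytes are the same, but the current form will be flagged by sparse and misleads the reader. Since descr.dev_id points at this on-stack array, a line noting that rpmb_dev_register() copies the ID would also help. The comment has a typo, "Provice" for "Provide".
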
@@ -3047,6 +3282,8 @@ static int mmc_blk_probe(struct mmc_card *card)
 		pm_runtime_enable(&card->dev);
 	}
 
+	mmc_blk_rpmb_add(card);
+
 	return 0;
 
 out:
-- 
2.34.1



* [PATCH v5 3/3] optee: probe RPMB device using RPMB subsystem
  2024-04-22  9:19 [PATCH v5 0/3] Replay Protected Memory Block (RPMB) subsystem Jens Wiklander
  2024-04-22  9:19 ` [PATCH v5 1/3] rpmb: add " Jens Wiklander
  2024-04-22  9:19 ` [PATCH v5 2/3] mmc: block: register RPMB partition with the RPMB subsystem Jens Wiklander
@ 2024-04-22  9:19 ` Jens Wiklander
  2024-04-25  9:13   ` Manuel Traut
  2024-04-23  6:42 ` [PATCH v5 0/3] Replay Protected Memory Block (RPMB) subsystem Avri Altman
  3 siblings, 1 reply; 26+ messages in thread
From: Jens Wiklander @ 2024-04-22  9:19 UTC (permalink / raw)
  To: linux-kernel, linux-mmc, op-tee
  Cc: Shyam Saini, Ulf Hansson, Linus Walleij, Jerome Forissier,
	Sumit Garg, Ilias Apalodimas, Bart Van Assche, Randy Dunlap,
	Ard Biesheuvel, Arnd Bergmann, Greg Kroah-Hartman,
	Jens Wiklander

Adds support in the OP-TEE drivers (both SMC and FF-A ABIs) to probe and
use an RPMB device via the RPMB subsystem instead of passing the RPMB
frames via tee-supplicant in user space. A fallback mechanism is kept to
route RPMB frames via tee-supplicant if the RPMB subsystem isn't
available.

The OP-TEE RPC ABI is extended to support iterating over all RPMB
devices until one is found with the expected RPMB key already
programmed.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
---
 drivers/tee/optee/core.c          |  30 ++++
 drivers/tee/optee/device.c        |   7 +
 drivers/tee/optee/ffa_abi.c       |   8 ++
 drivers/tee/optee/optee_private.h |  21 ++-
 drivers/tee/optee/optee_rpc_cmd.h |  35 +++++
 drivers/tee/optee/rpc.c           | 232 ++++++++++++++++++++++++++++++
 drivers/tee/optee/smc_abi.c       |   7 +
 7 files changed, 339 insertions(+), 1 deletion(-)

diff --git a/drivers/tee/optee/core.c b/drivers/tee/optee/core.c
index 3aed554bc8d8..082691c10a90 100644
--- a/drivers/tee/optee/core.c
+++ b/drivers/tee/optee/core.c
@@ -11,6 +11,7 @@
 #include <linux/io.h>
 #include <linux/mm.h>
 #include <linux/module.h>
+#include <linux/rpmb.h>
 #include <linux/slab.h>
 #include <linux/string.h>
 #include <linux/tee_drv.h>
@@ -80,6 +81,31 @@ void optee_pool_op_free_helper(struct tee_shm_pool *pool, struct tee_shm *shm,
 	shm->pages = NULL;
 }
 
+void optee_bus_scan_rpmb(struct work_struct *work)
+{
+	struct optee *optee = container_of(work, struct optee,
+					   rpmb_scan_bus_work);
+	int ret;
+
+	if (!optee->rpmb_scan_bus_done) {
+		ret = optee_enumerate_devices(PTA_CMD_GET_DEVICES_RPMB);
+		optee->rpmb_scan_bus_done = !ret;
+		if (ret && ret != -ENODEV)
+			pr_info("Scanning for RPMB device: ret %d\n", ret);
+	}
+}
+
+int optee_rpmb_intf_rdev(struct notifier_block *intf, unsigned long action,
+			 void *data)
+{
+	struct optee *optee = container_of(intf, struct optee, rpmb_intf);
+
+	if (action == RPMB_NOTIFY_ADD_DEVICE)
+		schedule_work(&optee->rpmb_scan_bus_work);
+
+	return 0;
+}
+
 static void optee_bus_scan(struct work_struct *work)
 {
 	WARN_ON(optee_enumerate_devices(PTA_CMD_GET_DEVICES_SUPP));
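
Review bot: optee_rpmb_intf_rdev() is a notifier callback but ends with a bare "return 0;". Please return NOTIFY_DONE (or NOTIFY_OK) so the intent is explicit. In optee_bus_scan_rpmb(), a scan that fails with anything other than -ENODEV is only logged at pr_info level and is retried only when another RPMB_NOTIFY_ADD_DEVICE arrives; a short comment saying that this is intended would save the next reader the question.
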
@@ -161,6 +187,8 @@ void optee_release_supp(struct tee_context *ctx)
 
 void optee_remove_common(struct optee *optee)
 {
+	rpmb_interface_unregister(&optee->rpmb_intf);
+	cancel_work_sync(&optee->rpmb_scan_bus_work);
 	/* Unregister OP-TEE specific client devices on TEE bus */
 	optee_unregister_devices();
 
@@ -177,6 +205,8 @@ void optee_remove_common(struct optee *optee)
 	tee_shm_pool_free(optee->pool);
 	optee_supp_uninit(&optee->supp);
 	mutex_destroy(&optee->call_queue.mutex);
+	rpmb_dev_put(optee->rpmb_dev);
+	mutex_destroy(&optee->rpmb_dev_mutex);
 }
 
 static int smc_abi_rc;
diff --git a/drivers/tee/optee/device.c b/drivers/tee/optee/device.c
index 4b1092127694..4274876857c8 100644
--- a/drivers/tee/optee/device.c
+++ b/drivers/tee/optee/device.c
@@ -43,6 +43,13 @@ static int get_devices(struct tee_context *ctx, u32 session,
 	ret = tee_client_invoke_func(ctx, &inv_arg, param);
 	if ((ret < 0) || ((inv_arg.ret != TEEC_SUCCESS) &&
 			  (inv_arg.ret != TEEC_ERROR_SHORT_BUFFER))) {
+		/*
+		 * TEE_ERROR_STORAGE_NOT_AVAILABLE is returned when getting
+		 * the list of device TAs that depends on RPMB but a usable
+		 * RPMB device isn't found.
+		 */
+		if (inv_arg.ret == TEE_ERROR_STORAGE_NOT_AVAILABLE)
+			return -ENODEV;
 		pr_err("PTA_CMD_GET_DEVICES invoke function err: %x\n",
 		       inv_arg.ret);
 		return -EINVAL;
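
Review bot: The new "inv_arg.ret == TEE_ERROR_STORAGE_NOT_AVAILABLE" test in get_devices() also runs when tee_client_invoke_func() itself failed (ret < 0), where inv_arg.ret is not a result from the TA. Check "ret >= 0 &&" first, or handle the transport error before looking at inv_arg.ret; as written a failed invoke can be turned into -ENODEV, which optee_bus_scan_rpmb() deliberately does not log.
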
diff --git a/drivers/tee/optee/ffa_abi.c b/drivers/tee/optee/ffa_abi.c
index ecb5eb079408..a8dfdb30b4e8 100644
--- a/drivers/tee/optee/ffa_abi.c
+++ b/drivers/tee/optee/ffa_abi.c
@@ -7,6 +7,7 @@
 
 #include <linux/arm_ffa.h>
 #include <linux/errno.h>
+#include <linux/rpmb.h>
 #include <linux/scatterlist.h>
 #include <linux/sched.h>
 #include <linux/slab.h>
@@ -934,6 +935,7 @@ static int optee_ffa_probe(struct ffa_device *ffa_dev)
 	optee_cq_init(&optee->call_queue, 0);
 	optee_supp_init(&optee->supp);
 	optee_shm_arg_cache_init(optee, arg_cache_flags);
+	mutex_init(&optee->rpmb_dev_mutex);
 	ffa_dev_set_drvdata(ffa_dev, optee);
 	ctx = teedev_open(optee->teedev);
 	if (IS_ERR(ctx)) {
@@ -955,6 +957,9 @@ static int optee_ffa_probe(struct ffa_device *ffa_dev)
 	if (rc)
 		goto err_unregister_devices;
 
+	INIT_WORK(&optee->rpmb_scan_bus_work, optee_bus_scan_rpmb);
+	optee->rpmb_intf.notifier_call = optee_rpmb_intf_rdev;
+	rpmb_interface_register(&optee->rpmb_intf);
 	pr_info("initialized driver\n");
 	return 0;
 
@@ -968,6 +973,9 @@ static int optee_ffa_probe(struct ffa_device *ffa_dev)
 	teedev_close_context(ctx);
 err_rhashtable_free:
 	rhashtable_free_and_destroy(&optee->ffa.global_ids, rh_free_fn, NULL);
+	rpmb_dev_put(optee->rpmb_dev);
+	mutex_destroy(&optee->rpmb_dev_mutex);
+	rpmb_interface_unregister(&optee->rpmb_intf);
 	optee_supp_uninit(&optee->supp);
 	mutex_destroy(&optee->call_queue.mutex);
 	mutex_destroy(&optee->ffa.mutex);
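
Review bot: The error path under err_rhashtable_free calls rpmb_interface_unregister(&optee->rpmb_intf), but rpmb_interface_register() is only called immediately before the successful return in the previous hunk, so nothing has been registered when this path runs. Drop the unregister here (the smc_abi.c error path in this patch does not have it), or move the register earlier if covering a failure window was the intent.
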
diff --git a/drivers/tee/optee/optee_private.h b/drivers/tee/optee/optee_private.h
index 7a5243c78b55..ae72f3dda1d2 100644
--- a/drivers/tee/optee/optee_private.h
+++ b/drivers/tee/optee/optee_private.h
@@ -8,6 +8,7 @@
 
 #include <linux/arm-smccc.h>
 #include <linux/rhashtable.h>
+#include <linux/rpmb.h>
 #include <linux/semaphore.h>
 #include <linux/tee_drv.h>
 #include <linux/types.h>
@@ -20,11 +21,13 @@
 /* Some Global Platform error codes used in this driver */
 #define TEEC_SUCCESS			0x00000000
 #define TEEC_ERROR_BAD_PARAMETERS	0xFFFF0006
+#define TEEC_ERROR_ITEM_NOT_FOUND	0xFFFF0008
 #define TEEC_ERROR_NOT_SUPPORTED	0xFFFF000A
 #define TEEC_ERROR_COMMUNICATION	0xFFFF000E
 #define TEEC_ERROR_OUT_OF_MEMORY	0xFFFF000C
 #define TEEC_ERROR_BUSY			0xFFFF000D
 #define TEEC_ERROR_SHORT_BUFFER		0xFFFF0010
+#define TEE_ERROR_STORAGE_NOT_AVAILABLE 0xF0100003
 
 #define TEEC_ORIGIN_COMMS		0x00000002
 
@@ -197,6 +200,12 @@ struct optee_ops {
  * @notif:		notification synchronization struct
  * @supp:		supplicant synchronization struct for RPC to supplicant
  * @pool:		shared memory pool
+ * @mutex:		mutex protecting @rpmb_dev
+ * @rpmb_dev:		current RPMB device or NULL
+ * @rpmb_scan_bus_done	flag if device registation of RPMB dependent devices
+ *			was already done
+ * @rpmb_scan_bus_work	workq to for an RPMB device and to scan optee bus
+ *			and register RPMB dependent optee drivers
  * @rpc_param_count:	If > 0 number of RPC parameters to make room for
  * @scan_bus_done	flag if device registation was already done.
  * @scan_bus_work	workq to scan optee bus and register optee drivers
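
Review bot: The kernel-doc entry "@mutex:" does not match the member it documents, which the next hunk names rpmb_dev_mutex, and the new rpmb_intf member has no entry at all. Please rename the entry to @rpmb_dev_mutex, add one for @rpmb_intf, and add the missing colons after @rpmb_scan_bus_done and @rpmb_scan_bus_work. The description "workq to for an RPMB device" is missing a verb, and "registation" should be "registration".
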
@@ -215,9 +224,15 @@ struct optee {
 	struct optee_notif notif;
 	struct optee_supp supp;
 	struct tee_shm_pool *pool;
+	/* Protects rpmb_dev pointer */
+	struct mutex rpmb_dev_mutex;
+	struct rpmb_dev *rpmb_dev;
+	struct notifier_block rpmb_intf;
 	unsigned int rpc_param_count;
-	bool   scan_bus_done;
+	bool scan_bus_done;
+	bool rpmb_scan_bus_done;
 	struct work_struct scan_bus_work;
+	struct work_struct rpmb_scan_bus_work;
 };
 
 struct optee_session {
@@ -280,8 +295,12 @@ int optee_cancel_req(struct tee_context *ctx, u32 cancel_id, u32 session);
 
 #define PTA_CMD_GET_DEVICES		0x0
 #define PTA_CMD_GET_DEVICES_SUPP	0x1
+#define PTA_CMD_GET_DEVICES_RPMB	0x2
 int optee_enumerate_devices(u32 func);
 void optee_unregister_devices(void);
+void optee_bus_scan_rpmb(struct work_struct *work);
+int optee_rpmb_intf_rdev(struct notifier_block *intf, unsigned long action,
+			 void *data);
 
 int optee_pool_op_alloc_helper(struct tee_shm_pool *pool, struct tee_shm *shm,
 			       size_t size, size_t align,
diff --git a/drivers/tee/optee/optee_rpc_cmd.h b/drivers/tee/optee/optee_rpc_cmd.h
index f3f06e0994a7..f351a8ac69fc 100644
--- a/drivers/tee/optee/optee_rpc_cmd.h
+++ b/drivers/tee/optee/optee_rpc_cmd.h
@@ -16,6 +16,14 @@
  * and sends responses.
  */
 
+/*
+ * Replay Protected Memory Block access
+ *
+ * [in]     memref[0]	    Frames to device
+ * [out]    memref[1]	    Frames from device
+ */
+#define OPTEE_RPC_CMD_RPMB		1
+
 /*
  * Get time
  *
@@ -103,4 +111,31 @@
 /* I2C master control flags */
 #define OPTEE_RPC_I2C_FLAGS_TEN_BIT	BIT(0)
 
+/*
+ * Reset RPMB probing
+ *
+ * Releases an eventually already used RPMB devices and starts over searching
+ * for RPMB devices. Returns the kind of shared memory to use in subsequent
+ * OPTEE_RPC_CMD_RPMB_PROBE_NEXT and OPTEE_RPC_CMD_RPMB calls.
+ *
+ * [out]    value[0].a	    OPTEE_RPC_SHM_TYPE_*, the parameter for
+ *			    OPTEE_RPC_CMD_SHM_ALLOC
+ */
+#define OPTEE_RPC_CMD_RPMB_PROBE_RESET	22
+
+/*
+ * Probe next RPMB device
+ *
+ * [out]    value[0].a	    Type of RPMB device, OPTEE_RPC_RPMB_*
+ * [out]    value[0].b	    EXT CSD-slice 168 "RPMB Size"
+ * [out]    value[0].c	    EXT CSD-slice 222 "Reliable Write Sector Count"
+ * [out]    memref[1]       Buffer with the raw CID
+ */
+#define OPTEE_RPC_CMD_RPMB_PROBE_NEXT	23
+
+/* Type of RPMB device */
+#define OPTEE_RPC_RPMB_EMMC		0
+#define OPTEE_RPC_RPMB_UFS		1
+#define OPTEE_RPC_RPMB_NVME		2
+
 #endif /*__OPTEE_RPC_CMD_H*/
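
Review bot: The comment for OPTEE_RPC_CMD_RPMB_PROBE_NEXT documents the output parameters but not the return codes that form part of the ABI: the handler in rpc.c answers TEEC_ERROR_ITEM_NOT_FOUND when the list is exhausted and TEEC_ERROR_SHORT_BUFFER when memref[1] is smaller than the device ID. Please list both here, and say whether the secure world may retry after SHORT_BUFFER, since the handler has already advanced to the next device by then. value[0].b and value[0].c are described in EXT CSD terms although the type field allows UFS and NVMe; a note on their meaning for those types would help. "Releases an eventually already used RPMB devices" in the PROBE_RESET comment should read "Releases any RPMB device already in use".
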
diff --git a/drivers/tee/optee/rpc.c b/drivers/tee/optee/rpc.c
index e69bc6380683..a3e4c1830f39 100644
--- a/drivers/tee/optee/rpc.c
+++ b/drivers/tee/optee/rpc.c
@@ -7,6 +7,7 @@
 
 #include <linux/delay.h>
 #include <linux/i2c.h>
+#include <linux/rpmb.h>
 #include <linux/slab.h>
 #include <linux/tee_drv.h>
 #include "optee_private.h"
@@ -255,6 +256,228 @@ void optee_rpc_cmd_free_suppl(struct tee_context *ctx, struct tee_shm *shm)
 	optee_supp_thrd_req(ctx, OPTEE_RPC_CMD_SHM_FREE, 1, &param);
 }
 
+static void handle_rpc_func_rpmb_probe_reset(struct tee_context *ctx,
+					     struct optee *optee,
+					     struct optee_msg_arg *arg)
+{
+	struct tee_param params[1];
+
+	if (!IS_ENABLED(CONFIG_RPMB)) {
+		handle_rpc_supp_cmd(ctx, optee, arg);
+		return;
+	}
+
+	if (arg->num_params != ARRAY_SIZE(params) ||
+	    optee->ops->from_msg_param(optee, params, arg->num_params,
+				       arg->params) ||
+	    params[0].attr != TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_OUTPUT) {
+		arg->ret = TEEC_ERROR_BAD_PARAMETERS;
+		return;
+	}
+
+	params[0].u.value.a = OPTEE_RPC_SHM_TYPE_KERNEL;
+	params[0].u.value.b = 0;
+	params[0].u.value.c = 0;
+	if (optee->ops->to_msg_param(optee, arg->params,
+				     arg->num_params, params)) {
+		arg->ret = TEEC_ERROR_BAD_PARAMETERS;
+		return;
+	}
+
+	mutex_lock(&optee->rpmb_dev_mutex);
+	rpmb_dev_put(optee->rpmb_dev);
+	optee->rpmb_dev = NULL;
+	mutex_unlock(&optee->rpmb_dev_mutex);
+
+	arg->ret = TEEC_SUCCESS;
+}
+
+static int rpmb_type_to_rpc_type(enum rpmb_type rtype)
+{
+	switch (rtype) {
+	case RPMB_TYPE_EMMC:
+		return OPTEE_RPC_RPMB_EMMC;
+	case RPMB_TYPE_UFS:
+		return OPTEE_RPC_RPMB_UFS;
+	case RPMB_TYPE_NVME:
+		return OPTEE_RPC_RPMB_NVME;
+	default:
+		return -1;
+	}
+}
+
+static int rpc_rpmb_match(struct rpmb_dev *rdev, const void *data)
+{
+	return rpmb_type_to_rpc_type(rdev->descr.type) >= 0;
+}
+
+static void handle_rpc_func_rpmb_probe_next(struct tee_context *ctx,
+					    struct optee *optee,
+					    struct optee_msg_arg *arg)
+{
+	struct rpmb_dev *rdev;
+	struct tee_param params[2];
+	void *buf;
+
+	if (!IS_REACHABLE(CONFIG_RPMB)) {
+		handle_rpc_supp_cmd(ctx, optee, arg);
+		return;
+	}
+
+	if (arg->num_params != ARRAY_SIZE(params) ||
+	    optee->ops->from_msg_param(optee, params, arg->num_params,
+				       arg->params) ||
+	    params[0].attr != TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_OUTPUT ||
+	    params[1].attr != TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT) {
+		arg->ret = TEEC_ERROR_BAD_PARAMETERS;
+		return;
+	}
+	buf = tee_shm_get_va(params[1].u.memref.shm,
+			     params[1].u.memref.shm_offs);
+	if (!buf) {
+		arg->ret = TEEC_ERROR_BAD_PARAMETERS;
+		return;
+	}
+
+	mutex_lock(&optee->rpmb_dev_mutex);
+	rdev = rpmb_dev_find_device(NULL, optee->rpmb_dev, rpc_rpmb_match);
+	rpmb_dev_put(optee->rpmb_dev);
+	optee->rpmb_dev = rdev;
+	mutex_unlock(&optee->rpmb_dev_mutex);
+
+	if (!rdev) {
+		arg->ret = TEEC_ERROR_ITEM_NOT_FOUND;
+		return;
+	}
+
+	if (params[1].u.memref.size < rdev->descr.dev_id_len) {
+		arg->ret = TEEC_ERROR_SHORT_BUFFER;
+		return;
+	}
+	memcpy(buf, rdev->descr.dev_id, rdev->descr.dev_id_len);
+	params[1].u.memref.size = rdev->descr.dev_id_len;
+	params[0].u.value.a = rpmb_type_to_rpc_type(rdev->descr.type);
+	params[0].u.value.b = rdev->descr.capacity;
+	params[0].u.value.c = rdev->descr.reliable_wr_count;
+	if (optee->ops->to_msg_param(optee, arg->params,
+				     arg->num_params, params)) {
+		arg->ret = TEEC_ERROR_BAD_PARAMETERS;
+		return;
+	}
+
+	arg->ret = TEEC_SUCCESS;
+}
+
+/* Request */
+struct rpmb_req {
+	u16 cmd;
+#define RPMB_CMD_DATA_REQ      0x00
+#define RPMB_CMD_GET_DEV_INFO  0x01
+	u16 dev_id;
+	u16 block_count;
+	/* Optional data frames (rpmb_data_frame) follow */
+};
+
+#define RPMB_REQ_DATA(req) ((void *)((struct rpmb_req *)(req) + 1))
+
+#define RPMB_CID_SZ 16
+
+/* Response to device info request */
+struct rpmb_dev_info {
+	u8 cid[RPMB_CID_SZ];
+	u8 rpmb_size_mult;	/* RPMB size in units of 128kB */
+	u8 reliable_wr_count;	/* RPMB write size in units of 256 bytes */
+	u8 ret_code;
+#define RPMB_CMD_GET_DEV_INFO_RET_OK     0x00
+#define RPMB_CMD_GET_DEV_INFO_RET_ERROR  0x01
+};
+
+static int get_dev_info(struct rpmb_dev *rdev, void *rsp, size_t rsp_size)
+{
+	struct rpmb_dev_info *dev_info;
+
+	if (rsp_size != sizeof(*dev_info))
+		return TEEC_ERROR_BAD_PARAMETERS;
+
+	dev_info = rsp;
+	memcpy(dev_info->cid, rdev->descr.dev_id, sizeof(dev_info->cid));
+	dev_info->rpmb_size_mult = rdev->descr.capacity;
+	dev_info->reliable_wr_count = rdev->descr.reliable_wr_count;
+	dev_info->ret_code = RPMB_CMD_GET_DEV_INFO_RET_OK;
+
+	return TEEC_SUCCESS;
+}
+
+/*
+ * req is one struct rpmb_req followed by one or more struct rpmb_data_frame
+ * rsp is either one struct rpmb_dev_info or one or more struct rpmb_data_frame
+ */
+static u32 rpmb_process_request(struct optee *optee, struct rpmb_dev *rdev,
+				void *req, size_t req_size,
+				void *rsp, size_t rsp_size)
+{
+	struct rpmb_req *sreq = req;
+	int rc;
+
+	if (req_size < sizeof(*sreq))
+		return TEEC_ERROR_BAD_PARAMETERS;
+
+	switch (sreq->cmd) {
+	case RPMB_CMD_DATA_REQ:
+		rc = rpmb_route_frames(rdev, RPMB_REQ_DATA(req),
+				       req_size - sizeof(struct rpmb_req),
+				       rsp, rsp_size);
+		if (rc)
+			return TEEC_ERROR_BAD_PARAMETERS;
+		return TEEC_SUCCESS;
+	case RPMB_CMD_GET_DEV_INFO:
+		return get_dev_info(rdev, rsp, rsp_size);
+	default:
+		return TEEC_ERROR_BAD_PARAMETERS;
+	}
+}
+
+static void handle_rpc_func_rpmb(struct tee_context *ctx, struct optee *optee,
+				 struct optee_msg_arg *arg)
+{
+	struct tee_param params[2];
+	struct rpmb_dev *rdev;
+	void *p0, *p1;
+
+	mutex_lock(&optee->rpmb_dev_mutex);
+	rdev = rpmb_dev_get(optee->rpmb_dev);
+	mutex_unlock(&optee->rpmb_dev_mutex);
+	if (!rdev) {
+		handle_rpc_supp_cmd(ctx, optee, arg);
+		return;
+	}
+
+	if (arg->num_params != ARRAY_SIZE(params) ||
+	    optee->ops->from_msg_param(optee, params, arg->num_params,
+				       arg->params) ||
+	    params[0].attr != TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INPUT ||
+	    params[1].attr != TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT) {
+		arg->ret = TEEC_ERROR_BAD_PARAMETERS;
+		goto out;
+	}
+
+	p0 = tee_shm_get_va(params[0].u.memref.shm,
+			    params[0].u.memref.shm_offs);
+	p1 = tee_shm_get_va(params[1].u.memref.shm,
+			    params[1].u.memref.shm_offs);
+	arg->ret = rpmb_process_request(optee, rdev, p0,
+					params[0].u.memref.size,
+					p1, params[1].u.memref.size);
+	if (arg->ret)
+		goto out;
+
+	if (optee->ops->to_msg_param(optee, arg->params,
+				     arg->num_params, params))
+		arg->ret = TEEC_ERROR_BAD_PARAMETERS;
+out:
+	rpmb_dev_put(rdev);
+}
+
 void optee_rpc_cmd(struct tee_context *ctx, struct optee *optee,
 		   struct optee_msg_arg *arg)
 {
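
Review bot: In handle_rpc_func_rpmb() the pointers p0 and p1 returned by tee_shm_get_va() are passed to rpmb_process_request() without any check, and handle_rpc_func_rpmb_probe_next() tests its buffer with "if (!buf)". tee_shm_get_va() reports failure with an ERR_PTR rather than NULL, so both places should use IS_ERR() and answer TEEC_ERROR_BAD_PARAMETERS before the memref is touched; these offsets come from the secure-world request and deserve the check. Two smaller points in the same hunk: handle_rpc_func_rpmb_probe_reset() guards with IS_ENABLED(CONFIG_RPMB) while handle_rpc_func_rpmb_probe_next() uses IS_REACHABLE(CONFIG_RPMB), and the two should agree (IS_REACHABLE is the one that stays correct when RPMB is a module and this driver is built in); and get_dev_info() copies sizeof(dev_info->cid) bytes from rdev->descr.dev_id without comparing against rdev->descr.dev_id_len.
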
@@ -271,6 +494,15 @@ void optee_rpc_cmd(struct tee_context *ctx, struct optee *optee,
 	case OPTEE_RPC_CMD_I2C_TRANSFER:
 		handle_rpc_func_cmd_i2c_transfer(ctx, arg);
 		break;
+	case OPTEE_RPC_CMD_RPMB_PROBE_RESET:
+		handle_rpc_func_rpmb_probe_reset(ctx, optee, arg);
+		break;
+	case OPTEE_RPC_CMD_RPMB_PROBE_NEXT:
+		handle_rpc_func_rpmb_probe_next(ctx, optee, arg);
+		break;
+	case OPTEE_RPC_CMD_RPMB:
+		handle_rpc_func_rpmb(ctx, optee, arg);
+		break;
 	default:
 		handle_rpc_supp_cmd(ctx, optee, arg);
 	}
diff --git a/drivers/tee/optee/smc_abi.c b/drivers/tee/optee/smc_abi.c
index a37f87087e5c..c23bcf35c8cb 100644
--- a/drivers/tee/optee/smc_abi.c
+++ b/drivers/tee/optee/smc_abi.c
@@ -20,6 +20,7 @@
 #include <linux/of_irq.h>
 #include <linux/of_platform.h>
 #include <linux/platform_device.h>
+#include <linux/rpmb.h>
 #include <linux/sched.h>
 #include <linux/slab.h>
 #include <linux/string.h>
@@ -1715,6 +1716,7 @@ static int optee_probe(struct platform_device *pdev)
 	optee->smc.memremaped_shm = memremaped_shm;
 	optee->pool = pool;
 	optee_shm_arg_cache_init(optee, arg_cache_flags);
+	mutex_init(&optee->rpmb_dev_mutex);
 
 	platform_set_drvdata(pdev, optee);
 	ctx = teedev_open(optee->teedev);
@@ -1769,6 +1771,9 @@ static int optee_probe(struct platform_device *pdev)
 	if (rc)
 		goto err_disable_shm_cache;
 
+	INIT_WORK(&optee->rpmb_scan_bus_work, optee_bus_scan_rpmb);
+	optee->rpmb_intf.notifier_call = optee_rpmb_intf_rdev;
+	rpmb_interface_register(&optee->rpmb_intf);
 	pr_info("initialized driver\n");
 	return 0;
 
@@ -1782,6 +1787,8 @@ static int optee_probe(struct platform_device *pdev)
 err_close_ctx:
 	teedev_close_context(ctx);
 err_supp_uninit:
+	rpmb_dev_put(optee->rpmb_dev);
+	mutex_destroy(&optee->rpmb_dev_mutex);
 	optee_shm_arg_cache_uninit(optee);
 	optee_supp_uninit(&optee->supp);
 	mutex_destroy(&optee->call_queue.mutex);
-- 
2.34.1



* RE: [PATCH v5 0/3] Replay Protected Memory Block (RPMB) subsystem
  2024-04-22  9:19 [PATCH v5 0/3] Replay Protected Memory Block (RPMB) subsystem Jens Wiklander
                   ` (2 preceding siblings ...)
  2024-04-22  9:19 ` [PATCH v5 3/3] optee: probe RPMB device using " Jens Wiklander
@ 2024-04-23  6:42 ` Avri Altman
  2024-04-23  7:29   ` Jens Wiklander
  3 siblings, 1 reply; 26+ messages in thread
From: Avri Altman @ 2024-04-23  6:42 UTC (permalink / raw)
  To: Jens Wiklander, linux-kernel, linux-mmc, op-tee
  Cc: Shyam Saini, Ulf Hansson, Linus Walleij, Jerome Forissier,
	Sumit Garg, Ilias Apalodimas, Bart Van Assche, Randy Dunlap,
	Ard Biesheuvel, Arnd Bergmann, Greg Kroah-Hartman

> The OP-TEE driver finds the correct RPMB device to interact with by
> iterating over available devices until one is found with a programmed
> authentication matching the one OP-TEE is using. This enables coexisting
> users of other RPMBs since the owner can be determined by who knows the
> authentication key.
Devices in plural?
I am unaware of any board with multi eMMC devices soldered.
Can you refer me to such a platform?

Thanks,
Avri


* Re: [PATCH v5 0/3] Replay Protected Memory Block (RPMB) subsystem
  2024-04-23  6:42 ` [PATCH v5 0/3] Replay Protected Memory Block (RPMB) subsystem Avri Altman
@ 2024-04-23  7:29   ` Jens Wiklander
  2024-04-23  8:22     ` Avri Altman
  0 siblings, 1 reply; 26+ messages in thread
From: Jens Wiklander @ 2024-04-23  7:29 UTC (permalink / raw)
  To: Avri Altman
  Cc: linux-kernel, linux-mmc, op-tee, Shyam Saini, Ulf Hansson,
	Linus Walleij, Jerome Forissier, Sumit Garg, Ilias Apalodimas,
	Bart Van Assche, Randy Dunlap, Ard Biesheuvel, Arnd Bergmann,
	Greg Kroah-Hartman

On Tue, Apr 23, 2024 at 8:42 AM Avri Altman <Avri.Altman@wdc.com> wrote:
>
> > The OP-TEE driver finds the correct RPMB device to interact with by
> > iterating over available devices until one is found with a programmed
> > authentication matching the one OP-TEE is using. This enables coexisting
> > users of other RPMBs since the owner can be determined by who knows the
> > authentication key.
> Devices in plural?
> I am unaware of any board with multi eMMC devices soldered.
> Can you refer me to such a platform?

I'm testing with a Hikey960 (HiSilicon Kirin 620)
https://www.96boards.org/product/hikey
It has one soldered eMMC and one removable eMMC.

Cheers,
Jens


* RE: [PATCH v5 0/3] Replay Protected Memory Block (RPMB) subsystem
  2024-04-23  7:29   ` Jens Wiklander
@ 2024-04-23  8:22     ` Avri Altman
  2024-04-23  8:44       ` Jens Wiklander
  0 siblings, 1 reply; 26+ messages in thread
From: Avri Altman @ 2024-04-23  8:22 UTC (permalink / raw)
  To: Jens Wiklander
  Cc: linux-kernel, linux-mmc, op-tee, Shyam Saini, Ulf Hansson,
	Linus Walleij, Jerome Forissier, Sumit Garg, Ilias Apalodimas,
	Bart Van Assche, Randy Dunlap, Ard Biesheuvel, Arnd Bergmann,
	Greg Kroah-Hartman

> On Tue, Apr 23, 2024 at 8:42 AM Avri Altman <Avri.Altman@wdc.com> wrote:
> >
> > > The OP-TEE driver finds the correct RPMB device to interact with by
> > > iterating over available devices until one is found with a
> > > programmed authentication matching the one OP-TEE is using. This
> > > enables coexisting users of other RPMBs since the owner can be
> > > determined by who knows the authentication key.
> > Devices in plural?
> > I am unaware of any board with multi eMMC devices soldered.
> > Can you refer me to such a platform?
> 
> I'm testing with a Hikey960 (HiSilicon Kirin 620)
> https://www.96boards.org/product/hikey
> It has one soldered eMMC and one removable eMMC.
I used to have that board but with a UFS2.1 version, so I can't really tell.
https://github.com/96boards/documentation/blob/master/consumer/hikey/hikey620/hardware-docs/hardware-user-manual.md#storage
indicating only a single eMMC device and a SD.

Either way, AFAIK there are no production designs that make use of more than a single embedded flash storage.
This goes for both eMMC and UFS.

Thanks,
Avri

> 
> Cheers,
> Jens


* Re: [PATCH v5 0/3] Replay Protected Memory Block (RPMB) subsystem
  2024-04-23  8:22     ` Avri Altman
@ 2024-04-23  8:44       ` Jens Wiklander
  0 siblings, 0 replies; 26+ messages in thread
From: Jens Wiklander @ 2024-04-23  8:44 UTC (permalink / raw)
  To: Avri Altman
  Cc: linux-kernel, linux-mmc, op-tee, Shyam Saini, Ulf Hansson,
	Linus Walleij, Jerome Forissier, Sumit Garg, Ilias Apalodimas,
	Bart Van Assche, Randy Dunlap, Ard Biesheuvel, Arnd Bergmann,
	Greg Kroah-Hartman

On Tue, Apr 23, 2024 at 10:22 AM Avri Altman <Avri.Altman@wdc.com> wrote:
>
> > On Tue, Apr 23, 2024 at 8:42 AM Avri Altman <Avri.Altman@wdc.com> wrote:
> > >
> > > > The OP-TEE driver finds the correct RPMB device to interact with by
> > > > iterating over available devices until one is found with a
> > > > programmed authentication matching the one OP-TEE is using. This
> > > > enables coexisting users of other RPMBs since the owner can be
> > > > determined by who knows the authentication key.
> > > Devices in plural?
> > > I am unaware of any board with multi eMMC devices soldered.
> > > Can you refer me to such a platform?
> >
> > I'm testing with a Hikey960 (HiSilicon Kirin 620)
> > https://www.96boards.org/product/hikey
> > It has one soldered eMMC and one removable eMMC.
> I used to have that board but with a UFS2.1 version, so I can't really tell.
> https://github.com/96boards/documentation/blob/master/consumer/hikey/hikey620/hardware-docs/hardware-user-manual.md#storage
> indicating only a single eMMC device and a SD.

That's what I'm testing with, the kernel finds two RPMBs with
different CIDs. I'm running my tests with the removable one.

> Either way, AFAIK there are no production designs that make use of more than a single embedded flash storage.
> This goes for both eMMC and UFS.

OK

Thanks,
Jens
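
The probing idea discussed in this thread (walk the RPMB devices until one answers with the expected key), as an added example that is not code from the patch set or from OP-TEE. It is a user-space simulation that assumes the JEDEC eMMC RPMB frame layout and an illustrative CID-based key derivation; `SimRpmb`, `ReplayingRpmb`, `derive_key`, `key_matches`, `probe` and all sample values are constructed for the example.

```python
import hashlib
import hmac
import os
import struct

# JEDEC eMMC RPMB frame (512 bytes, big-endian): stuff(196) | key/MAC(32) |
# data(256) | nonce(16) | counter(4) | addr(2) | count(2) | result(2) | type(2)
FRAME = struct.Struct(">196s32s256s16sIHHHH")
MAC_START = 228                # the MAC covers data .. type (last 284 bytes)
REQ_READ_COUNTER, RESP_READ_COUNTER = 0x0002, 0x0200
RESULT_OK, RESULT_NO_KEY = 0x0000, 0x0007   # 7: key not yet programmed


def derive_key(huk: bytes, cid: bytes) -> bytes:
    """Assumed derivation: HMAC the CID with product revision (byte 9) and
    CRC (byte 15) cleared, since those change across firmware updates."""
    stable = bytearray(cid)
    stable[9] = stable[15] = 0
    return hmac.new(huk, bytes(stable), hashlib.sha256).digest()


def frame(nonce, counter, result, kind, mac=b""):
    return FRAME.pack(b"", mac, b"", nonce, counter, 0, 0, result, kind)


class SimRpmb:
    """Constructed stand-in for one RPMB partition and its route_frames()."""

    def __init__(self, cid, key=None, counter=0):
        self.cid, self.key, self.counter = cid, key, counter

    def route_frames(self, req: bytes) -> bytes:
        fields = FRAME.unpack(req)
        if fields[8] != REQ_READ_COUNTER:
            raise ValueError("only the write-counter read is simulated")
        if self.key is None:
            return frame(fields[3], 0, RESULT_NO_KEY, RESP_READ_COUNTER)
        body = frame(fields[3], self.counter, RESULT_OK, RESP_READ_COUNTER)
        mac = hmac.new(self.key, body[MAC_START:], hashlib.sha256).digest()
        return frame(fields[3], self.counter, RESULT_OK, RESP_READ_COUNTER, mac)


class ReplayingRpmb(SimRpmb):
    """Answers every request with one captured, validly signed response."""

    def __init__(self, cid, captured):
        super().__init__(cid)
        self.captured = captured

    def route_frames(self, req: bytes) -> bytes:
        return self.captured


def key_matches(dev, key: bytes) -> str:
    """Authenticated write-counter read with a fresh nonce; returns a verdict."""
    nonce = os.urandom(16)
    resp = dev.route_frames(frame(nonce, 0, 0, REQ_READ_COUNTER))
    if len(resp) != FRAME.size:
        return "bad-length"
    _, mac, _, r_nonce, _, _, _, result, kind = FRAME.unpack(resp)
    if kind != RESP_READ_COUNTER:
        return "bad-type"
    if result == RESULT_NO_KEY:
        return "no-key"
    if result != RESULT_OK:
        return "error"
    expect = hmac.new(key, resp[MAC_START:], hashlib.sha256).digest()
    if not hmac.compare_digest(mac, expect):
        return "wrong-key"          # programmed by some other owner
    if not hmac.compare_digest(r_nonce, nonce):
        return "replayed"           # valid MAC, but not for this request
    return "match"


def probe(devices, huk: bytes):
    """Visit devices in order (one PROBE_NEXT each) until a key matches."""
    verdicts = []
    for dev in devices:
        verdicts.append(key_matches(dev, derive_key(huk, dev.cid)))
        if verdicts[-1] == "match":
            return dev, verdicts
    return None, verdicts           # the ITEM_NOT_FOUND case


# Constructed sample data: a hardware unique key and three 16-byte CIDs.
HUK = bytes(range(32))
CID_A = bytes.fromhex("11010053494d445641" "10" "00000001" "5a01")
CID_B = bytes.fromhex("11010053494d445642" "10" "00000002" "5a03")
CID_C = bytes.fromhex("11010053494d445643" "10" "00000003" "5a05")


def demo():
    ours = SimRpmb(CID_C, derive_key(HUK, CID_C), counter=7)
    foreign = SimRpmb(CID_B, hashlib.sha256(b"other owner").digest())
    found, verdicts = probe([SimRpmb(CID_A), foreign, ours], HUK)
    captured = ours.route_frames(frame(bytes(16), 0, 0, REQ_READ_COUNTER))
    replay = key_matches(ReplayingRpmb(CID_C, captured), derive_key(HUK, CID_C))
    return found.cid, verdicts, replay
```

A blank partition and one keyed by another owner are both skipped without being written to, which is what lets several RPMB users coexist; the fresh nonce is what stops a recorded response from passing as a match.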


* Re: [PATCH v5 1/3] rpmb: add Replay Protected Memory Block (RPMB) subsystem
  2024-04-22  9:19 ` [PATCH v5 1/3] rpmb: add " Jens Wiklander
@ 2024-04-25  8:37   ` Manuel Traut
  2024-04-26 13:08     ` Jens Wiklander
  0 siblings, 1 reply; 26+ messages in thread
From: Manuel Traut @ 2024-04-25  8:37 UTC (permalink / raw)
  To: Jens Wiklander
  Cc: linux-kernel, linux-mmc, op-tee, Shyam Saini, Ulf Hansson,
	Linus Walleij, Jerome Forissier, Sumit Garg, Ilias Apalodimas,
	Bart Van Assche, Randy Dunlap, Ard Biesheuvel, Arnd Bergmann,
	Greg Kroah-Hartman, Tomas Winkler, Alex Bennée

On Mon, Apr 22, 2024 at 11:19:34AM +0200, Jens Wiklander wrote:
> A number of storage technologies support a specialised hardware
> partition designed to be resistant to replay attacks. The underlying
> HW protocols differ but the operations are common. The RPMB partition
> cannot be accessed via standard block layer, but by a set of specific
> RPMB commands. Such a partition provides authenticated and replay
> protected access, hence suitable as a secure storage.
> 
> The initial aim of this patch is to provide a simple RPMB driver
> interface which can be accessed by the optee driver to facilitate early
> RPMB access to OP-TEE OS (secure OS) during the boot time.
> 
> A TEE device driver can claim the RPMB interface, for example, via
> rpmb_interface_register() or rpmb_dev_find_device(). The RPMB driver
> provides a callback to route RPMB frames to the RPMB device accessible
> via rpmb_route_frames().
> 
> The detailed operation of implementing the access is left to the TEE
> device driver itself.
> 
> Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
> Signed-off-by: Shyam Saini <shyamsaini@linux.microsoft.com>
> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
> Reviewed-by: Linus Walleij <linus.walleij@linaro.org>
> ---
>  MAINTAINERS              |   7 ++
>  drivers/misc/Kconfig     |  10 ++
>  drivers/misc/Makefile    |   1 +
>  drivers/misc/rpmb-core.c | 232 +++++++++++++++++++++++++++++++++++++++
>  include/linux/rpmb.h     | 136 +++++++++++++++++++++++
>  5 files changed, 386 insertions(+)
>  create mode 100644 drivers/misc/rpmb-core.c
>  create mode 100644 include/linux/rpmb.h
> 
> diff --git a/MAINTAINERS b/MAINTAINERS
> index 8999497011a2..e83152c42499 100644
> --- a/MAINTAINERS
> +++ b/MAINTAINERS
> @@ -19012,6 +19012,13 @@ T:	git git://linuxtv.org/media_tree.git
>  F:	Documentation/devicetree/bindings/media/allwinner,sun8i-a83t-de2-rotate.yaml
>  F:	drivers/media/platform/sunxi/sun8i-rotate/
>  
> +RPMB SUBSYSTEM
> +M:	Jens Wiklander <jens.wiklander@linaro.org>
> +L:	linux-kernel@vger.kernel.org
> +S:	Supported
> +F:	drivers/misc/rpmb-core.c
> +F:	include/linux/rpmb.h
> +
>  RPMSG TTY DRIVER
>  M:	Arnaud Pouliquen <arnaud.pouliquen@foss.st.com>
>  L:	linux-remoteproc@vger.kernel.org
> diff --git a/drivers/misc/Kconfig b/drivers/misc/Kconfig
> index 4fb291f0bf7c..dbff9e8c3a03 100644
> --- a/drivers/misc/Kconfig
> +++ b/drivers/misc/Kconfig
> @@ -104,6 +104,16 @@ config PHANTOM
>  	  If you choose to build module, its name will be phantom. If unsure,
>  	  say N here.
>  
> +config RPMB
> +	tristate "RPMB partition interface"
> +	depends on MMC
> +	help
> +	  Unified RPMB unit interface for RPMB capable devices such as eMMC and
> +	  UFS. Provides interface for in-kernel security controllers to access
> +	  RPMB unit.
> +
> +	  If unsure, select N.
> +
>  config TIFM_CORE
>  	tristate "TI Flash Media interface support"
>  	depends on PCI
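
Review bot: "depends on MMC" in the new RPMB entry contradicts its help text, which describes a unified interface for eMMC and UFS. If rpmb-core.c has no MMC-specific code, drop the dependency and let the MMC block driver depend on RPMB instead; otherwise the help text should say that only eMMC is supported for now.
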
> diff --git a/drivers/misc/Makefile b/drivers/misc/Makefile
> index ea6ea5bbbc9c..8af058ad1df4 100644
> --- a/drivers/misc/Makefile
> +++ b/drivers/misc/Makefile
> @@ -15,6 +15,7 @@ obj-$(CONFIG_LKDTM)		+= lkdtm/
>  obj-$(CONFIG_TIFM_CORE)       	+= tifm_core.o
>  obj-$(CONFIG_TIFM_7XX1)       	+= tifm_7xx1.o
>  obj-$(CONFIG_PHANTOM)		+= phantom.o
> +obj-$(CONFIG_RPMB)		+= rpmb-core.o
>  obj-$(CONFIG_QCOM_COINCELL)	+= qcom-coincell.o
>  obj-$(CONFIG_QCOM_FASTRPC)	+= fastrpc.o
>  obj-$(CONFIG_SENSORS_BH1770)	+= bh1770glc.o
> diff --git a/drivers/misc/rpmb-core.c b/drivers/misc/rpmb-core.c
> new file mode 100644
> index 000000000000..5479469c26f3
> --- /dev/null
> +++ b/drivers/misc/rpmb-core.c
> @@ -0,0 +1,232 @@
> +// SPDX-License-Identifier: GPL-2.0
> +/*
> + * Copyright(c) 2015 - 2019 Intel Corporation. All rights reserved.
> + * Copyright(c) 2021 - 2024 Linaro Ltd.
> + */
> +#include <linux/device.h>
> +#include <linux/init.h>
> +#include <linux/kernel.h>
> +#include <linux/list.h>
> +#include <linux/module.h>
> +#include <linux/mutex.h>
> +#include <linux/rpmb.h>
> +#include <linux/slab.h>
> +
> +static struct list_head rpmb_dev_list;
> +static DEFINE_MUTEX(rpmb_mutex);
> +static struct blocking_notifier_head rpmb_interface =
> +	BLOCKING_NOTIFIER_INIT(rpmb_interface);
> +
> +/**
> + * rpmb_dev_get() - increase rpmb device ref counter
> + * @rdev: rpmb device
> + */
> +struct rpmb_dev *rpmb_dev_get(struct rpmb_dev *rdev)
> +{
> +	if (rdev)
> +		get_device(rdev->parent_dev);
> +	return rdev;
> +}
> +EXPORT_SYMBOL_GPL(rpmb_dev_get);
> +
> +/**
> + * rpmb_dev_put() - decrease rpmb device ref counter
> + * @rdev: rpmb device
> + */
> +void rpmb_dev_put(struct rpmb_dev *rdev)
> +{
> +	if (rdev)
> +		put_device(rdev->parent_dev);
> +}
> +EXPORT_SYMBOL_GPL(rpmb_dev_put);
> +
> +/**
> + * rpmb_route_frames() - route rpmb frames to rpmb device
> + * @rdev:	rpmb device
> + * @req:	rpmb request frames
> + * @req_len:	length of rpmb request frames in bytes
> + * @rsp:	rpmb response frames
> + * @rsp_len:	length of rpmb response frames in bytes
> + *
> + * Returns: < 0 on failure
> + */
> +int rpmb_route_frames(struct rpmb_dev *rdev, u8 *req,
> +		      unsigned int req_len, u8 *rsp, unsigned int rsp_len)
> +{
> +	if (!req || !req_len || !rsp || !rsp_len)
> +		return -EINVAL;
> +
> +	return rdev->descr.route_frames(rdev->parent_dev, req, req_len,
> +					rsp, rsp_len);
> +}
> +EXPORT_SYMBOL_GPL(rpmb_route_frames);
> +
> +/**
> + * rpmb_dev_find_device() - return first matching rpmb device
> + * @data: data for the match function
> + * @match: the matching function
> + *
> + * Iterate over registered RPMB devices, and call @match() for each passing
> + * it the RPMB device and @data.
> + *
> + * The return value of @match() is checked for each call. If it returns
> + * anything other 0, break and return the found RPMB device.
> + *
> + * It's the callers responsibility to call rpmb_dev_put() on the returned
> + * device, when it's done with it.
> + *
> + * Returns: a matching rpmb device or NULL on failure
> + */
> +struct rpmb_dev *rpmb_dev_find_device(const void *data,
> +				      const struct rpmb_dev *start,
> +				      int (*match)(struct rpmb_dev *rdev,
> +						   const void *data))
> +{
> +	struct rpmb_dev *rdev;
> +	struct list_head *pos;
> +
> +	mutex_lock(&rpmb_mutex);
> +	if (start)
> +		pos = start->list_node.next;
> +	else
> +		pos = rpmb_dev_list.next;
> +
> +	while (pos != &rpmb_dev_list) {
> +		rdev = container_of(pos, struct rpmb_dev, list_node);
> +		if (match(rdev, data)) {
> +			rpmb_dev_get(rdev);
> +			goto out;
> +		}
> +		pos = pos->next;
> +	}
> +	rdev = NULL;
> +
> +out:
> +	mutex_unlock(&rpmb_mutex);
> +
> +	return rdev;
> +}

EXPORT_SYMBOL_GPL missing?

> +/**
> + * rpmb_dev_unregister() - unregister RPMB partition from the RPMB subsystem
> + * @rdev: the rpmb device to unregister
> + *
> + * This function should be called from the release function of the
> + * underlying device used when the RPMB device was registered.
> + *
> + * Returns: < 0 on failure
> + */
> +int rpmb_dev_unregister(struct rpmb_dev *rdev)
> +{
> +	if (!rdev)
> +		return -EINVAL;
> +
> +	mutex_lock(&rpmb_mutex);
> +	list_del(&rdev->list_node);
> +	mutex_unlock(&rpmb_mutex);
> +	kfree(rdev->descr.dev_id);
> +	kfree(rdev);
> +
> +	return 0;
> +}
> +EXPORT_SYMBOL_GPL(rpmb_dev_unregister);
> +
> +/**
> + * rpmb_dev_register - register RPMB partition with the RPMB subsystem
> + * @dev: storage device of the rpmb device
> + * @ops: device specific operations
> + *
> + * While registering the RPMB partition extract needed device information
> + * while needed resources are available.
> + *
> + * Returns: a pointer to a 'struct rpmb_dev' or an ERR_PTR on failure
> + */
> +struct rpmb_dev *rpmb_dev_register(struct device *dev,
> +				   struct rpmb_descr *descr)
> +{
> +	struct rpmb_dev *rdev;
> +
> +	if (!dev || !descr || !descr->route_frames || !descr->dev_id ||
> +	    !descr->dev_id_len)
> +		return ERR_PTR(-EINVAL);
> +
> +	rdev = kzalloc(sizeof(*rdev), GFP_KERNEL);
> +	if (!rdev)
> +		return ERR_PTR(-ENOMEM);
> +	rdev->descr = *descr;
> +	rdev->descr.dev_id = kmemdup(descr->dev_id, descr->dev_id_len,
> +				     GFP_KERNEL);
> +	if (!rdev->descr.dev_id) {
> +		kfree(rdev);
> +		return ERR_PTR(-ENOMEM);
> +	}
> +
> +	rdev->parent_dev = dev;
> +
> +	dev_dbg(rdev->parent_dev, "registered device\n");
> +
> +	mutex_lock(&rpmb_mutex);
> +	list_add_tail(&rdev->list_node, &rpmb_dev_list);
> +	blocking_notifier_call_chain(&rpmb_interface, RPMB_NOTIFY_ADD_DEVICE,
> +				     rdev);
> +	mutex_unlock(&rpmb_mutex);
> +
> +	return rdev;
> +}
> +EXPORT_SYMBOL_GPL(rpmb_dev_register);
> +
> +/**
> + * rpmb_interface_register() - register for new device notifications
> + *
> + * @nb : New entry in notifier chain
> + *
> + * Returns: 0 on success  -EEXIST on error.
> + */
> +int rpmb_interface_register(struct notifier_block *nb)
> +{
> +	struct rpmb_dev *rdev;
> +	int ret;
> +
> +	ret = blocking_notifier_chain_register(&rpmb_interface, nb);
> +	if (ret)
> +		return ret;
> +
> +	mutex_lock(&rpmb_mutex);
> +	list_for_each_entry(rdev, &rpmb_dev_list, list_node)
> +		nb->notifier_call(nb, RPMB_NOTIFY_ADD_DEVICE, rdev);
> +	mutex_unlock(&rpmb_mutex);
> +
> +	return 0;
> +}
> +EXPORT_SYMBOL_GPL(rpmb_interface_register);
> +
> +/**
> + * rpmb_interface_unregister() - unregister from new device notifications
> + *
> + * @nb : Entry to remove from notifier chain
> + *
> + * Returns: 0 on success or -ENOENT on failure.
> + */
> +int rpmb_interface_unregister(struct notifier_block *nb)
> +{
> +	return blocking_notifier_chain_unregister(&rpmb_interface, nb);
> +}
> +EXPORT_SYMBOL_GPL(rpmb_interface_unregister);
> +
> +static int __init rpmb_init(void)
> +{
> +	INIT_LIST_HEAD(&rpmb_dev_list);
> +	return 0;
> +}
> +
> +static void __exit rpmb_exit(void)
> +{
> +	mutex_destroy(&rpmb_mutex);
> +}
> +
> +subsys_initcall(rpmb_init);
> +module_exit(rpmb_exit);
> +
> +MODULE_AUTHOR("Jens Wiklander <jens.wiklander@linaro.org>");
> +MODULE_DESCRIPTION("RPMB class");
> +MODULE_LICENSE("GPL");
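
Review bot: rpmb_route_frames() dereferences rdev->descr.route_frames
without checking rdev, while rpmb_dev_get(), rpmb_dev_put() and
rpmb_dev_unregister() in the same file all tolerate a NULL rdev; adding
!rdev to the existing -EINVAL test would make the exported API consistent.
The kernel-doc also needs a pass: rpmb_dev_find_device() does not document
@start, and rpmb_dev_register() documents @ops although the parameter is
named descr. Separately, rpmb_dev_register() and rpmb_interface_register()
both invoke notifier callbacks while holding rpmb_mutex, so a callback that
calls rpmb_dev_find_device() directly would deadlock; a comment stating
that callbacks must defer such work would help.
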
> diff --git a/include/linux/rpmb.h b/include/linux/rpmb.h
> new file mode 100644
> index 000000000000..3ced206fdc17
> --- /dev/null
> +++ b/include/linux/rpmb.h
> @@ -0,0 +1,136 @@
> +/* SPDX-License-Identifier: BSD-3-Clause OR GPL-2.0 */
> +/*
> + * Copyright (C) 2015-2019 Intel Corp. All rights reserved
> + * Copyright (C) 2021-2022 Linaro Ltd
> + */
> +#ifndef __RPMB_H__
> +#define __RPMB_H__
> +
> +#include <linux/types.h>
> +#include <linux/device.h>
> +#include <linux/notifier.h>
> +
> +/**
> + * enum rpmb_type - type of underlying storage technology
> + *
> + * @RPMB_TYPE_EMMC  : emmc (JESD84-B50.1)
> + * @RPMB_TYPE_UFS   : UFS (JESD220)
> + * @RPMB_TYPE_NVME  : NVM Express
> + */
> +enum rpmb_type {
> +	RPMB_TYPE_EMMC,
> +	RPMB_TYPE_UFS,
> +	RPMB_TYPE_NVME,
> +};
> +
> +/**
> + * struct rpmb_descr - RPMB description provided by the underlying block device
> + *
> + * @type             : block device type
> + * @route_frames     : routes frames to and from the RPMB device
> + * @dev_id           : unique device identifier read from the hardware
> + * @dev_id_len       : length of unique device identifier
> + * @reliable_wr_count: number of sectors that can be written in one access
> + * @capacity         : capacity of the device in units of 128K
> + *
> + * @dev_id is intended to be used as input when deriving the authenticaion key.
> + */
> +struct rpmb_descr {
> +	enum rpmb_type type;
> +	int (*route_frames)(struct device *dev, u8 *req, unsigned int req_len,
> +			    u8 *resp, unsigned int resp_len);
> +	u8 *dev_id;
> +	size_t dev_id_len;
> +	u16 reliable_wr_count;
> +	u16 capacity;
> +};
> +
> +/**
> + * struct rpmb_dev - device which can support RPMB partition
> + *
> + * @parent_dev       : parent device
> + * @list_node        : linked list node
> + * @descr            : RPMB description
> + */
> +struct rpmb_dev {
> +	struct device *parent_dev;
> +	struct list_head list_node;
> +	struct rpmb_descr descr;
> +};
> +
> +enum rpmb_interface_action {
> +	RPMB_NOTIFY_ADD_DEVICE,
> +};
> +
> +/**
> + * struct rpmb_interface - subscribe to new RPMB devices
> + *
> + * @list_node     : linked list node
> + * @add_rdev      : notifies that a new RPMB device has been found
> + */
> +struct rpmb_interface {
> +	struct list_head list_node;
> +	void (*add_rdev)(struct rpmb_interface *intf, struct rpmb_dev *rdev);
> +};
> +
> +#if IS_ENABLED(CONFIG_RPMB)
> +struct rpmb_dev *rpmb_dev_get(struct rpmb_dev *rdev);
> +void rpmb_dev_put(struct rpmb_dev *rdev);
> +struct rpmb_dev *rpmb_dev_find_device(const void *data,
> +				      const struct rpmb_dev *start,
> +				      int (*match)(struct rpmb_dev *rdev,
> +						   const void *data));
> +struct rpmb_dev *rpmb_dev_register(struct device *dev,
> +				   struct rpmb_descr *descr);
> +int rpmb_dev_unregister(struct rpmb_dev *rdev);
> +
> +int rpmb_route_frames(struct rpmb_dev *rdev, u8 *req,
> +		      unsigned int req_len, u8 *resp, unsigned int resp_len);
> +
> +int rpmb_interface_register(struct notifier_block *nb);
> +int rpmb_interface_unregister(struct notifier_block *nb);
> +#else
> +static inline struct rpmb_dev *rpmb_dev_get(struct rpmb_dev *rdev)
> +{
> +	return NULL;
> +}
> +
> +static inline void rpmb_dev_put(struct rpmb_dev *rdev) { }
> +
> +static inline struct rpmb_dev *
> +rpmb_dev_find_device(const void *data, const struct rpmb_dev *start,
> +		     int (*match)(struct rpmb_dev *rdev, const void *data))
> +{
> +	return NULL;
> +}
> +
> +static inline struct rpmb_dev *
> +rpmb_dev_register(struct device *dev, const struct rpmb_ops *ops)
> +{
> +	return NULL;
> +}
> +
> +static inline int rpmb_dev_unregister(struct rpmb_dev *dev)
> +{
> +	return 0;
> +}
> +
> +static inline int rpmb_route_frames(struct rpmb_dev *rdev, u8 *req,
> +				    unsigned int req_len, u8 *resp,
> +				    unsigned int resp_len)
> +{
> +	return -EOPNOTSUPP;
> +}
> +
> +static inline int rpmb_interface_register(struct notifier_block *nb)
> +{
> +	return -EOPNOTSUPP;
> +}
> +
> +static inline int rpmb_interface_unregister(struct notifier_block *nb)
> +{
> +	return -EOPNOTSUPP;
> +}
> +#endif /* CONFIG_RPMB */
> +
> +#endif /* __RPMB_H__ */
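
Review bot: the !CONFIG_RPMB stub of rpmb_dev_register() takes
"const struct rpmb_ops *ops", but the real prototype above takes
"struct rpmb_descr *descr" and struct rpmb_ops is not declared anywhere in
this header, so a caller passing a struct rpmb_descr pointer will not build
cleanly with CONFIG_RPMB disabled. The stub should use the same signature
as the prototype. struct rpmb_interface and its add_rdev callback also look
unused, since rpmb_interface_register() and rpmb_interface_unregister()
take a struct notifier_block, and "authenticaion" in the rpmb_descr comment
is a typo.
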
> -- 
> 2.34.1
> 

* Re: [PATCH v5 2/3] mmc: block: register RPMB partition with the RPMB subsystem
  2024-04-22  9:19 ` [PATCH v5 2/3] mmc: block: register RPMB partition with the RPMB subsystem Jens Wiklander
@ 2024-04-25  8:42   ` Manuel Traut
  2024-04-26 13:24     ` Jens Wiklander
  0 siblings, 1 reply; 26+ messages in thread
From: Manuel Traut @ 2024-04-25  8:42 UTC (permalink / raw)
  To: Jens Wiklander
  Cc: linux-kernel, linux-mmc, op-tee, Shyam Saini, Ulf Hansson,
	Linus Walleij, Jerome Forissier, Sumit Garg, Ilias Apalodimas,
	Bart Van Assche, Randy Dunlap, Ard Biesheuvel, Arnd Bergmann,
	Greg Kroah-Hartman, Tomas Winkler, Alexander Usyskin

On Mon, Apr 22, 2024 at 11:19:35AM +0200, Jens Wiklander wrote:
> Register eMMC RPMB partition with the RPMB subsystem and provide
> an implementation for the RPMB access operations abstracting
> the actual multi step process.
> 
> Add a callback to extract the needed device information at registration
> to avoid accessing the struct mmc_card at a later stage as we're not
> holding a reference counter for this struct.
> 
> Taking the needed reference to md->disk in mmc_blk_alloc_rpmb_part()
> instead of in mmc_rpmb_chrdev_open(). This is needed by the
> route_frames() function pointer in struct rpmb_ops.
> 
> Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
> Signed-off-by: Alexander Usyskin <alexander.usyskin@intel.com>
> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
> ---
>  drivers/mmc/core/block.c | 241 ++++++++++++++++++++++++++++++++++++++-
>  1 file changed, 239 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/mmc/core/block.c b/drivers/mmc/core/block.c
> index 32d49100dff5..a7f126fbc605 100644
> --- a/drivers/mmc/core/block.c
> +++ b/drivers/mmc/core/block.c
> @@ -33,6 +33,7 @@
>  #include <linux/cdev.h>
>  #include <linux/mutex.h>
>  #include <linux/scatterlist.h>
> +#include <linux/string.h>
>  #include <linux/string_helpers.h>
>  #include <linux/delay.h>
>  #include <linux/capability.h>
> @@ -40,6 +41,7 @@
>  #include <linux/pm_runtime.h>
>  #include <linux/idr.h>
>  #include <linux/debugfs.h>
> +#include <linux/rpmb.h>
>  
>  #include <linux/mmc/ioctl.h>
>  #include <linux/mmc/card.h>
> @@ -76,6 +78,48 @@ MODULE_ALIAS("mmc:block");
>  #define MMC_EXTRACT_INDEX_FROM_ARG(x) ((x & 0x00FF0000) >> 16)
>  #define MMC_EXTRACT_VALUE_FROM_ARG(x) ((x & 0x0000FF00) >> 8)
>  
> +/**
> + * struct rpmb_frame - rpmb frame as defined by eMMC 5.1 (JESD84-B51)
> + *
> + * @stuff        : stuff bytes
> + * @key_mac      : The authentication key or the message authentication
> + *                 code (MAC) depending on the request/response type.
> + *                 The MAC will be delivered in the last (or the only)
> + *                 block of data.
> + * @data         : Data to be written or read by signed access.
> + * @nonce        : Random number generated by the host for the requests
> + *                 and copied to the response by the RPMB engine.
> + * @write_counter: Counter value for the total amount of the successful
> + *                 authenticated data write requests made by the host.
> + * @addr         : Address of the data to be programmed to or read
> + *                 from the RPMB. Address is the serial number of
> + *                 the accessed block (half sector 256B).
> + * @block_count  : Number of blocks (half sectors, 256B) requested to be
> + *                 read/programmed.
> + * @result       : Includes information about the status of the write counter
> + *                 (valid, expired) and result of the access made to the RPMB.
> + * @req_resp     : Defines the type of request and response to/from the memory.
> + *
> + * The stuff bytes and big-endian properties are modeled to fit to the spec.
> + */
> +struct rpmb_frame {
> +	u8     stuff[196];
> +	u8     key_mac[32];
> +	u8     data[256];
> +	u8     nonce[16];
> +	__be32 write_counter;
> +	__be16 addr;
> +	__be16 block_count;
> +	__be16 result;
> +	__be16 req_resp;
> +} __packed;
> +
> +#define RPMB_PROGRAM_KEY       0x1    /* Program RPMB Authentication Key */
> +#define RPMB_GET_WRITE_COUNTER 0x2    /* Read RPMB write counter */
> +#define RPMB_WRITE_DATA        0x3    /* Write data to RPMB partition */
> +#define RPMB_READ_DATA         0x4    /* Read data from RPMB partition */
> +#define RPMB_RESULT_READ       0x5    /* Read result request  (Internal) */
> +
>  static DEFINE_MUTEX(block_mutex);
>  
>  /*
> @@ -163,6 +207,7 @@ struct mmc_rpmb_data {
>  	int id;
>  	unsigned int part_index;
>  	struct mmc_blk_data *md;
> +	struct rpmb_dev *rdev;
>  	struct list_head node;
>  };
>  
> @@ -2672,7 +2717,6 @@ static int mmc_rpmb_chrdev_open(struct inode *inode, struct file *filp)
>  
>  	get_device(&rpmb->dev);
>  	filp->private_data = rpmb;
> -	mmc_blk_get(rpmb->md->disk);
>  
>  	return nonseekable_open(inode, filp);
>  }
> @@ -2682,7 +2726,6 @@ static int mmc_rpmb_chrdev_release(struct inode *inode, struct file *filp)
>  	struct mmc_rpmb_data *rpmb = container_of(inode->i_cdev,
>  						  struct mmc_rpmb_data, chrdev);
>  
> -	mmc_blk_put(rpmb->md);
>  	put_device(&rpmb->dev);
>  
>  	return 0;
> @@ -2703,10 +2746,165 @@ static void mmc_blk_rpmb_device_release(struct device *dev)
>  {
>  	struct mmc_rpmb_data *rpmb = dev_get_drvdata(dev);
>  
> +	rpmb_dev_unregister(rpmb->rdev);
> +	mmc_blk_put(rpmb->md);
>  	ida_simple_remove(&mmc_rpmb_ida, rpmb->id);
>  	kfree(rpmb);
>  }
>  
> +static void free_idata(struct mmc_blk_ioc_data **idata, unsigned int cmd_count)
> +{
> +	unsigned int n;
> +
> +	for (n = 0; n < cmd_count; n++)
> +		kfree(idata[n]);
> +	kfree(idata);
> +}
> +
> +static struct mmc_blk_ioc_data **alloc_idata(struct mmc_rpmb_data *rpmb,
> +					     unsigned int cmd_count)
> +{
> +	struct mmc_blk_ioc_data **idata;
> +	unsigned int n;
> +
> +	idata = kcalloc(cmd_count, sizeof(*idata), GFP_KERNEL);
> +	if (!idata)
> +		return NULL;
> +
> +	for (n = 0; n < cmd_count; n++) {
> +		idata[n] = kcalloc(1, sizeof(**idata), GFP_KERNEL);
> +		if (!idata[n]) {
> +			free_idata(idata, n);
> +			return NULL;
> +		}
> +		idata[n]->rpmb = rpmb;
> +	}
> +
> +	return idata;
> +}
> +
> +static void set_idata(struct mmc_blk_ioc_data *idata, u32 opcode,
> +		      int write_flag, u8 *buf, unsigned int buf_bytes)
> +{
> +	/*
> +	 * The size of an RPMB frame must match what's expected by the
> +	 * hardware.
> +	 */
> +	BUILD_BUG_ON(sizeof(struct rpmb_frame) != 512);
> +
> +	idata->ic.opcode = opcode;
> +	idata->ic.flags = MMC_RSP_R1 | MMC_CMD_ADTC;
> +	idata->ic.write_flag = write_flag;
> +	idata->ic.blksz = sizeof(struct rpmb_frame);
> +	idata->ic.blocks = buf_bytes /  idata->ic.blksz;
> +	idata->buf = buf;

I tested the series on an i.MX8MM with an eMMC connected via the imx-sdhci
controller. Reading from RPMB does not work. It ends in timeouts due to
no response from the SDHCI controller.

If idata->buf is allocated here with kmalloc(buf_bytes, GFP_KERNEL) and
the content of buf is copied to the newly allocated area, transfers succeed.

Is it possible that idata->buf is not DMA capable? Any other ideas?

> +	idata->buf_bytes = buf_bytes;
> +}
> +
> +static int mmc_route_rpmb_frames(struct device *dev, u8 *req,
> +				 unsigned int req_len, u8 *resp,
> +				 unsigned int resp_len)
> +{
> +	struct rpmb_frame *frm = (struct rpmb_frame *)req;
> +	struct mmc_rpmb_data *rpmb = dev_get_drvdata(dev);
> +	struct mmc_blk_data *md = rpmb->md;
> +	struct mmc_blk_ioc_data **idata;
> +	struct mmc_queue_req *mq_rq;
> +	unsigned int cmd_count;
> +	struct request *rq;
> +	u16 req_type;
> +	bool write;
> +	int ret;
> +
> +	if (IS_ERR(md->queue.card))
> +		return PTR_ERR(md->queue.card);
> +
> +	if (req_len < sizeof(*frm))
> +		return -EINVAL;
> +
> +	req_type = be16_to_cpu(frm->req_resp);
> +	switch (req_type) {
> +	case RPMB_PROGRAM_KEY:
> +		if (req_len != sizeof(struct rpmb_frame) ||
> +		    resp_len != sizeof(struct rpmb_frame))
> +			return -EINVAL;
> +		write = true;
> +		break;
> +	case RPMB_GET_WRITE_COUNTER:
> +		if (req_len != sizeof(struct rpmb_frame) ||
> +		    resp_len != sizeof(struct rpmb_frame))
> +			return -EINVAL;
> +		write = false;
> +		break;
> +	case RPMB_WRITE_DATA:
> +		if (req_len % sizeof(struct rpmb_frame) ||
> +		    resp_len != sizeof(struct rpmb_frame))
> +			return -EINVAL;
> +		write = true;
> +		break;
> +	case RPMB_READ_DATA:
> +		if (req_len != sizeof(struct rpmb_frame) ||
> +		    resp_len % sizeof(struct rpmb_frame))
> +			return -EINVAL;
> +		write = false;
> +		break;
> +	default:
> +		return -EINVAL;
> +	}
> +
> +	if (write)
> +		cmd_count = 3;
> +	else
> +		cmd_count = 2;
> +
> +	idata = alloc_idata(rpmb, cmd_count);
> +	if (!idata)
> +		return -ENOMEM;
> +
> +	if (write) {
> +		struct rpmb_frame *frm = (struct rpmb_frame *)resp;
> +
> +		/* Send write request frame(s) */
> +		set_idata(idata[0], MMC_WRITE_MULTIPLE_BLOCK,
> +			  1 | MMC_CMD23_ARG_REL_WR, req, req_len);
> +
> +		/* Send result request frame */
> +		memset(frm, 0, sizeof(*frm));
> +		frm->req_resp = cpu_to_be16(RPMB_RESULT_READ);
> +		set_idata(idata[1], MMC_WRITE_MULTIPLE_BLOCK, 1, resp,
> +			  resp_len);
> +
> +		/* Read response frame */
> +		set_idata(idata[2], MMC_READ_MULTIPLE_BLOCK, 0, resp, resp_len);
> +	} else {
> +		/* Send write request frame(s) */
> +		set_idata(idata[0], MMC_WRITE_MULTIPLE_BLOCK, 1, req, req_len);
> +
> +		/* Read response frame */
> +		set_idata(idata[1], MMC_READ_MULTIPLE_BLOCK, 0, resp, resp_len);
> +	}
> +
> +	rq = blk_mq_alloc_request(md->queue.queue, REQ_OP_DRV_OUT, 0);
> +	if (IS_ERR(rq)) {
> +		ret = PTR_ERR(rq);
> +		goto out;
> +	}
> +
> +	mq_rq = req_to_mmc_queue_req(rq);
> +	mq_rq->drv_op = MMC_DRV_OP_IOCTL_RPMB;
> +	mq_rq->drv_op_result = -EIO;
> +	mq_rq->drv_op_data = idata;
> +	mq_rq->ioc_count = cmd_count;
> +	blk_execute_rq(rq, false);
> +	ret = req_to_mmc_queue_req(rq)->drv_op_result;
> +
> +	blk_mq_free_request(rq);
> +
> +out:
> +	free_idata(idata, cmd_count);
> +	return ret;
> +}
> +
>  static int mmc_blk_alloc_rpmb_part(struct mmc_card *card,
>  				   struct mmc_blk_data *md,
>  				   unsigned int part_index,
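
Review bot: in mmc_route_rpmb_frames(), the RPMB_READ_DATA case only tests
"resp_len % sizeof(struct rpmb_frame)", which accepts a resp_len of 0 and
makes set_idata() compute ic.blocks as 0. rpmb_route_frames() rejects a
zero rsp_len today, but the callback itself does not, so an explicit lower
bound here would keep the check local. The "struct rpmb_frame *frm"
declared inside "if (write)" shadows the outer frm that points at req; a
distinct name for the result-read frame would avoid mixing the two up. The
comment "Send write request frame(s)" in the else branch describes a read
or counter request, and set_idata() stores the caller's req/resp pointers
in idata->buf as they are, so the requirements on those buffers deserve a
line of documentation.
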
> @@ -2741,6 +2939,7 @@ static int mmc_blk_alloc_rpmb_part(struct mmc_card *card,
>  	rpmb->dev.release = mmc_blk_rpmb_device_release;
>  	device_initialize(&rpmb->dev);
>  	dev_set_drvdata(&rpmb->dev, rpmb);
> +	mmc_blk_get(md->disk);
>  	rpmb->md = md;
>  
>  	cdev_init(&rpmb->chrdev, &mmc_rpmb_fileops);
> @@ -3002,6 +3201,42 @@ static void mmc_blk_remove_debugfs(struct mmc_card *card,
>  
>  #endif /* CONFIG_DEBUG_FS */
>  
> +static void mmc_blk_rpmb_add(struct mmc_card *card)
> +{
> +	struct mmc_blk_data *md = dev_get_drvdata(&card->dev);
> +	struct mmc_rpmb_data *rpmb;
> +	struct rpmb_dev *rdev;
> +	unsigned int n;
> +	u32 cid[4];
> +	struct rpmb_descr descr = {
> +		.type = RPMB_TYPE_EMMC,
> +		.route_frames = mmc_route_rpmb_frames,
> +		.reliable_wr_count = card->ext_csd.enhanced_rpmb_supported ?
> +				     2 : 32,
> +		.capacity = card->ext_csd.raw_rpmb_size_mult,
> +		.dev_id = (void *)cid,
> +		.dev_id_len = sizeof(cid),
> +	};
> +
> +	/*
> +	 * Provice CID as an octet array. The CID needs to be interpreted
> +	 * when used as input to derive the RPMB key since some fields
> +	 * will change due to firmware updates.
> +	 */
> +	for (n = 0; n < 4; n++)
> +		cid[n] = be32_to_cpu(card->raw_cid[n]);
> +
> +	list_for_each_entry(rpmb, &md->rpmbs, node) {
> +		rdev = rpmb_dev_register(&rpmb->dev, &descr);
> +		if (IS_ERR(rdev)) {
> +			pr_warn("%s: could not register RPMB device\n",
> +				dev_name(&rpmb->dev));
> +			continue;
> +		}
> +		rpmb->rdev = rdev;
> +	}
> +}
> +
>  static int mmc_blk_probe(struct mmc_card *card)
>  {
>  	struct mmc_blk_data *md;
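
Review bot: in mmc_blk_rpmb_add(), the comment promises the CID as an octet
array, but the loop stores be32_to_cpu() results in a u32 array, which
reads as a conversion to host order rather than to a fixed octet layout.
rpmb.h says dev_id is meant as input to key derivation, so the layout has
to be the same on every host. If raw_cid holds host-order words and the
goal is big-endian octets, cpu_to_be32() into a __be32 array (or
put_unaligned_be32() into a u8 array) would state the intent and keep
sparse quiet. "Provice" in the same comment should be "Provide".
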
> @@ -3047,6 +3282,8 @@ static int mmc_blk_probe(struct mmc_card *card)
>  		pm_runtime_enable(&card->dev);
>  	}
>  
> +	mmc_blk_rpmb_add(card);
> +
>  	return 0;
>  
>  out:
> -- 
> 2.34.1
> 

* Re: [PATCH v5 3/3] optee: probe RPMB device using RPMB subsystem
  2024-04-22  9:19 ` [PATCH v5 3/3] optee: probe RPMB device using " Jens Wiklander
@ 2024-04-25  9:13   ` Manuel Traut
  2024-04-26 13:40     ` Jens Wiklander
  0 siblings, 1 reply; 26+ messages in thread
From: Manuel Traut @ 2024-04-25  9:13 UTC (permalink / raw)
  To: Jens Wiklander
  Cc: linux-kernel, linux-mmc, op-tee, Shyam Saini, Ulf Hansson,
	Linus Walleij, Jerome Forissier, Sumit Garg, Ilias Apalodimas,
	Bart Van Assche, Randy Dunlap, Ard Biesheuvel, Arnd Bergmann,
	Greg Kroah-Hartman

On Mon, Apr 22, 2024 at 11:19:36AM +0200, Jens Wiklander wrote:
> Adds support in the OP-TEE drivers (both SMC and FF-A ABIs) to probe and
> use an RPMB device via the RPMB subsystem instead of passing the RPMB
> frames via tee-supplicant in user space. A fallback mechanism is kept to
> route RPMB frames via tee-supplicant if the RPMB subsystem isn't
> available.
> 
> The OP-TEE RPC ABI is extended to support iterating over all RPMB
> devices until one is found with the expected RPMB key already
> programmed.

I tested this with fTPM running as built-in TA in optee_os.
The first user of the TA is u-boot. u-boot handles the RPMB requests.

If the tpm-ftpm-tee kernel driver gets probed it also triggers some
RPMB requests. However they are not handled by the new RPMB subsystem.

I did some workaround (see below) but I guess this is no good solution.
Need to think longer about this..

> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
> ---
>  drivers/tee/optee/core.c          |  30 ++++
>  drivers/tee/optee/device.c        |   7 +
>  drivers/tee/optee/ffa_abi.c       |   8 ++
>  drivers/tee/optee/optee_private.h |  21 ++-
>  drivers/tee/optee/optee_rpc_cmd.h |  35 +++++
>  drivers/tee/optee/rpc.c           | 232 ++++++++++++++++++++++++++++++
>  drivers/tee/optee/smc_abi.c       |   7 +
>  7 files changed, 339 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/tee/optee/core.c b/drivers/tee/optee/core.c
> index 3aed554bc8d8..082691c10a90 100644
> --- a/drivers/tee/optee/core.c
> +++ b/drivers/tee/optee/core.c
> @@ -11,6 +11,7 @@
>  #include <linux/io.h>
>  #include <linux/mm.h>
>  #include <linux/module.h>
> +#include <linux/rpmb.h>
>  #include <linux/slab.h>
>  #include <linux/string.h>
>  #include <linux/tee_drv.h>
> @@ -80,6 +81,31 @@ void optee_pool_op_free_helper(struct tee_shm_pool *pool, struct tee_shm *shm,
>  	shm->pages = NULL;
>  }
>  
> +void optee_bus_scan_rpmb(struct work_struct *work)
> +{
> +	struct optee *optee = container_of(work, struct optee,
> +					   rpmb_scan_bus_work);
> +	int ret;
> +
> +	if (!optee->rpmb_scan_bus_done) {
> +		ret = optee_enumerate_devices(PTA_CMD_GET_DEVICES_RPMB);
> +		optee->rpmb_scan_bus_done = !ret;
> +		if (ret && ret != -ENODEV)
> +			pr_info("Scanning for RPMB device: ret %d\n", ret);
> +	}
> +}
> +
> +int optee_rpmb_intf_rdev(struct notifier_block *intf, unsigned long action,
> +			 void *data)
> +{
> +	struct optee *optee = container_of(intf, struct optee, rpmb_intf);
> +
> +	if (action == RPMB_NOTIFY_ADD_DEVICE)
> +		schedule_work(&optee->rpmb_scan_bus_work);
> +
> +	return 0;
> +}
> +
>  static void optee_bus_scan(struct work_struct *work)
>  {
>  	WARN_ON(optee_enumerate_devices(PTA_CMD_GET_DEVICES_SUPP));
> @@ -161,6 +187,8 @@ void optee_release_supp(struct tee_context *ctx)
>  
>  void optee_remove_common(struct optee *optee)
>  {
> +	rpmb_interface_unregister(&optee->rpmb_intf);
> +	cancel_work_sync(&optee->rpmb_scan_bus_work);
>  	/* Unregister OP-TEE specific client devices on TEE bus */
>  	optee_unregister_devices();
>  
> @@ -177,6 +205,8 @@ void optee_remove_common(struct optee *optee)
>  	tee_shm_pool_free(optee->pool);
>  	optee_supp_uninit(&optee->supp);
>  	mutex_destroy(&optee->call_queue.mutex);
> +	rpmb_dev_put(optee->rpmb_dev);
> +	mutex_destroy(&optee->rpmb_dev_mutex);
>  }
>  
>  static int smc_abi_rc;
> diff --git a/drivers/tee/optee/device.c b/drivers/tee/optee/device.c
> index 4b1092127694..4274876857c8 100644
> --- a/drivers/tee/optee/device.c
> +++ b/drivers/tee/optee/device.c
> @@ -43,6 +43,13 @@ static int get_devices(struct tee_context *ctx, u32 session,
>  	ret = tee_client_invoke_func(ctx, &inv_arg, param);
>  	if ((ret < 0) || ((inv_arg.ret != TEEC_SUCCESS) &&
>  			  (inv_arg.ret != TEEC_ERROR_SHORT_BUFFER))) {
> +		/*
> +		 * TEE_ERROR_STORAGE_NOT_AVAILABLE is returned when getting
> +		 * the list of device TAs that depends on RPMB but a usable
> +		 * RPMB device isn't found.
> +		 */
> +		if (inv_arg.ret == TEE_ERROR_STORAGE_NOT_AVAILABLE)
> +			return -ENODEV;
>  		pr_err("PTA_CMD_GET_DEVICES invoke function err: %x\n",
>  		       inv_arg.ret);
>  		return -EINVAL;
> diff --git a/drivers/tee/optee/ffa_abi.c b/drivers/tee/optee/ffa_abi.c
> index ecb5eb079408..a8dfdb30b4e8 100644
> --- a/drivers/tee/optee/ffa_abi.c
> +++ b/drivers/tee/optee/ffa_abi.c
> @@ -7,6 +7,7 @@
>  
>  #include <linux/arm_ffa.h>
>  #include <linux/errno.h>
> +#include <linux/rpmb.h>
>  #include <linux/scatterlist.h>
>  #include <linux/sched.h>
>  #include <linux/slab.h>
> @@ -934,6 +935,7 @@ static int optee_ffa_probe(struct ffa_device *ffa_dev)
>  	optee_cq_init(&optee->call_queue, 0);
>  	optee_supp_init(&optee->supp);
>  	optee_shm_arg_cache_init(optee, arg_cache_flags);
> +	mutex_init(&optee->rpmb_dev_mutex);
>  	ffa_dev_set_drvdata(ffa_dev, optee);
>  	ctx = teedev_open(optee->teedev);
>  	if (IS_ERR(ctx)) {
> @@ -955,6 +957,9 @@ static int optee_ffa_probe(struct ffa_device *ffa_dev)
>  	if (rc)
>  		goto err_unregister_devices;
>  
> +	INIT_WORK(&optee->rpmb_scan_bus_work, optee_bus_scan_rpmb);
> +	optee->rpmb_intf.notifier_call = optee_rpmb_intf_rdev;
> +	rpmb_interface_register(&optee->rpmb_intf);
>  	pr_info("initialized driver\n");
>  	return 0;
>  
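
Review bot: the return value of rpmb_interface_register() is ignored in
optee_ffa_probe(). The !CONFIG_RPMB stub in rpmb.h returns -EOPNOTSUPP, so
ignoring it may be intentional because the tee-supplicant fallback remains
available; if so, a short comment should say that, otherwise the error
should be logged or propagated.
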
> @@ -968,6 +973,9 @@ static int optee_ffa_probe(struct ffa_device *ffa_dev)
>  	teedev_close_context(ctx);
>  err_rhashtable_free:
>  	rhashtable_free_and_destroy(&optee->ffa.global_ids, rh_free_fn, NULL);
> +	rpmb_dev_put(optee->rpmb_dev);
> +	mutex_destroy(&optee->rpmb_dev_mutex);
> +	rpmb_interface_unregister(&optee->rpmb_intf);
>  	optee_supp_uninit(&optee->supp);
>  	mutex_destroy(&optee->call_queue.mutex);
>  	mutex_destroy(&optee->ffa.mutex);
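
Review bot: rpmb_interface_unregister() is added under err_rhashtable_free,
but the probe path only calls rpmb_interface_register() immediately before
"return 0", so every goto that reaches this label runs before the notifier
was registered and the unregister acts on a block that is not in the chain.
It can be dropped from the error path, or the registration moved earlier if
the unwind is meant to cover it. The order here (rpmb_dev_put(),
mutex_destroy(), then unregister) is also the reverse of
optee_remove_common(), which unregisters first.
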
> diff --git a/drivers/tee/optee/optee_private.h b/drivers/tee/optee/optee_private.h
> index 7a5243c78b55..ae72f3dda1d2 100644
> --- a/drivers/tee/optee/optee_private.h
> +++ b/drivers/tee/optee/optee_private.h
> @@ -8,6 +8,7 @@
>  
>  #include <linux/arm-smccc.h>
>  #include <linux/rhashtable.h>
> +#include <linux/rpmb.h>
>  #include <linux/semaphore.h>
>  #include <linux/tee_drv.h>
>  #include <linux/types.h>
> @@ -20,11 +21,13 @@
>  /* Some Global Platform error codes used in this driver */
>  #define TEEC_SUCCESS			0x00000000
>  #define TEEC_ERROR_BAD_PARAMETERS	0xFFFF0006
> +#define TEEC_ERROR_ITEM_NOT_FOUND	0xFFFF0008
>  #define TEEC_ERROR_NOT_SUPPORTED	0xFFFF000A
>  #define TEEC_ERROR_COMMUNICATION	0xFFFF000E
>  #define TEEC_ERROR_OUT_OF_MEMORY	0xFFFF000C
>  #define TEEC_ERROR_BUSY			0xFFFF000D
>  #define TEEC_ERROR_SHORT_BUFFER		0xFFFF0010
> +#define TEE_ERROR_STORAGE_NOT_AVAILABLE 0xF0100003
>  
>  #define TEEC_ORIGIN_COMMS		0x00000002
>  
> @@ -197,6 +200,12 @@ struct optee_ops {
>   * @notif:		notification synchronization struct
>   * @supp:		supplicant synchronization struct for RPC to supplicant
>   * @pool:		shared memory pool
> + * @mutex:		mutex protecting @rpmb_dev
> + * @rpmb_dev:		current RPMB device or NULL
> + * @rpmb_scan_bus_done	flag if device registation of RPMB dependent devices
> + *			was already done
> + * @rpmb_scan_bus_work	workq to for an RPMB device and to scan optee bus
> + *			and register RPMB dependent optee drivers
>   * @rpc_param_count:	If > 0 number of RPC parameters to make room for
>   * @scan_bus_done	flag if device registation was already done.
>   * @scan_bus_work	workq to scan optee bus and register optee drivers
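
Review bot: the new kernel-doc entry "@mutex" does not match the field it
describes, which is named rpmb_dev_mutex in struct optee, and the new
rpmb_intf member has no entry at all. In the @rpmb_scan_bus_work
description, "workq to for an RPMB device" is missing a verb.
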
> @@ -215,9 +224,15 @@ struct optee {
>  	struct optee_notif notif;
>  	struct optee_supp supp;
>  	struct tee_shm_pool *pool;
> +	/* Protects rpmb_dev pointer */
> +	struct mutex rpmb_dev_mutex;
> +	struct rpmb_dev *rpmb_dev;
> +	struct notifier_block rpmb_intf;
>  	unsigned int rpc_param_count;
> -	bool   scan_bus_done;
> +	bool scan_bus_done;
> +	bool rpmb_scan_bus_done;
>  	struct work_struct scan_bus_work;
> +	struct work_struct rpmb_scan_bus_work;
>  };
>  
>  struct optee_session {
> @@ -280,8 +295,12 @@ int optee_cancel_req(struct tee_context *ctx, u32 cancel_id, u32 session);
>  
>  #define PTA_CMD_GET_DEVICES		0x0
>  #define PTA_CMD_GET_DEVICES_SUPP	0x1
> +#define PTA_CMD_GET_DEVICES_RPMB	0x2
>  int optee_enumerate_devices(u32 func);
>  void optee_unregister_devices(void);
> +void optee_bus_scan_rpmb(struct work_struct *work);
> +int optee_rpmb_intf_rdev(struct notifier_block *intf, unsigned long action,
> +			 void *data);
>  
>  int optee_pool_op_alloc_helper(struct tee_shm_pool *pool, struct tee_shm *shm,
>  			       size_t size, size_t align,
> diff --git a/drivers/tee/optee/optee_rpc_cmd.h b/drivers/tee/optee/optee_rpc_cmd.h
> index f3f06e0994a7..f351a8ac69fc 100644
> --- a/drivers/tee/optee/optee_rpc_cmd.h
> +++ b/drivers/tee/optee/optee_rpc_cmd.h
> @@ -16,6 +16,14 @@
>   * and sends responses.
>   */
>  
> +/*
> + * Replay Protected Memory Block access
> + *
> + * [in]     memref[0]	    Frames to device
> + * [out]    memref[1]	    Frames from device
> + */
> +#define OPTEE_RPC_CMD_RPMB		1
> +
>  /*
>   * Get time
>   *
> @@ -103,4 +111,31 @@
>  /* I2C master control flags */
>  #define OPTEE_RPC_I2C_FLAGS_TEN_BIT	BIT(0)
>  
> +/*
> + * Reset RPMB probing
> + *
> + * Releases an eventually already used RPMB devices and starts over searching
> + * for RPMB devices. Returns the kind of shared memory to use in subsequent
> + * OPTEE_RPC_CMD_RPMB_PROBE_NEXT and OPTEE_RPC_CMD_RPMB calls.
> + *
> + * [out]    value[0].a	    OPTEE_RPC_SHM_TYPE_*, the parameter for
> + *			    OPTEE_RPC_CMD_SHM_ALLOC
> + */
> +#define OPTEE_RPC_CMD_RPMB_PROBE_RESET	22
> +
> +/*
> + * Probe next RPMB device
> + *
> + * [out]    value[0].a	    Type of RPMB device, OPTEE_RPC_RPMB_*
> + * [out]    value[0].b	    EXT CSD-slice 168 "RPMB Size"
> + * [out]    value[0].c	    EXT CSD-slice 222 "Reliable Write Sector Count"
> + * [out]    memref[1]       Buffer with the raw CID
> + */
> +#define OPTEE_RPC_CMD_RPMB_PROBE_NEXT	23
> +
> +/* Type of RPMB device */
> +#define OPTEE_RPC_RPMB_EMMC		0
> +#define OPTEE_RPC_RPMB_UFS		1
> +#define OPTEE_RPC_RPMB_NVME		2
> +
>  #endif /*__OPTEE_RPC_CMD_H*/
> diff --git a/drivers/tee/optee/rpc.c b/drivers/tee/optee/rpc.c
> index e69bc6380683..a3e4c1830f39 100644
> --- a/drivers/tee/optee/rpc.c
> +++ b/drivers/tee/optee/rpc.c
> @@ -7,6 +7,7 @@
>  
>  #include <linux/delay.h>
>  #include <linux/i2c.h>
> +#include <linux/rpmb.h>
>  #include <linux/slab.h>
>  #include <linux/tee_drv.h>
>  #include "optee_private.h"
> @@ -255,6 +256,228 @@ void optee_rpc_cmd_free_suppl(struct tee_context *ctx, struct tee_shm *shm)
>  	optee_supp_thrd_req(ctx, OPTEE_RPC_CMD_SHM_FREE, 1, &param);
>  }
>  
> +static void handle_rpc_func_rpmb_probe_reset(struct tee_context *ctx,
> +					     struct optee *optee,
> +					     struct optee_msg_arg *arg)
> +{
> +	struct tee_param params[1];
> +
> +	if (!IS_ENABLED(CONFIG_RPMB)) {
> +		handle_rpc_supp_cmd(ctx, optee, arg);
> +		return;
> +	}
> +
> +	if (arg->num_params != ARRAY_SIZE(params) ||
> +	    optee->ops->from_msg_param(optee, params, arg->num_params,
> +				       arg->params) ||
> +	    params[0].attr != TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_OUTPUT) {
> +		arg->ret = TEEC_ERROR_BAD_PARAMETERS;
> +		return;
> +	}
> +
> +	params[0].u.value.a = OPTEE_RPC_SHM_TYPE_KERNEL;
> +	params[0].u.value.b = 0;
> +	params[0].u.value.c = 0;
> +	if (optee->ops->to_msg_param(optee, arg->params,
> +				     arg->num_params, params)) {
> +		arg->ret = TEEC_ERROR_BAD_PARAMETERS;
> +		return;
> +	}
> +
> +	mutex_lock(&optee->rpmb_dev_mutex);
> +	rpmb_dev_put(optee->rpmb_dev);
> +	optee->rpmb_dev = NULL;
> +	mutex_unlock(&optee->rpmb_dev_mutex);
> +
> +	arg->ret = TEEC_SUCCESS;
> +}
> +
> +static int rpmb_type_to_rpc_type(enum rpmb_type rtype)
> +{
> +	switch (rtype) {
> +	case RPMB_TYPE_EMMC:
> +		return OPTEE_RPC_RPMB_EMMC;
> +	case RPMB_TYPE_UFS:
> +		return OPTEE_RPC_RPMB_UFS;
> +	case RPMB_TYPE_NVME:
> +		return OPTEE_RPC_RPMB_NVME;
> +	default:
> +		return -1;
> +	}
> +}
> +
> +static int rpc_rpmb_match(struct rpmb_dev *rdev, const void *data)
> +{
> +	return rpmb_type_to_rpc_type(rdev->descr.type) >= 0;
> +}
> +
> +static void handle_rpc_func_rpmb_probe_next(struct tee_context *ctx,
> +					    struct optee *optee,
> +					    struct optee_msg_arg *arg)
> +{
> +	struct rpmb_dev *rdev;
> +	struct tee_param params[2];
> +	void *buf;
> +
> +	if (!IS_REACHABLE(CONFIG_RPMB)) {
> +		handle_rpc_supp_cmd(ctx, optee, arg);
> +		return;
> +	}
> +
> +	if (arg->num_params != ARRAY_SIZE(params) ||
> +	    optee->ops->from_msg_param(optee, params, arg->num_params,
> +				       arg->params) ||
> +	    params[0].attr != TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_OUTPUT ||
> +	    params[1].attr != TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT) {
> +		arg->ret = TEEC_ERROR_BAD_PARAMETERS;
> +		return;
> +	}
> +	buf = tee_shm_get_va(params[1].u.memref.shm,
> +			     params[1].u.memref.shm_offs);
> +	if (!buf) {
> +		arg->ret = TEEC_ERROR_BAD_PARAMETERS;
> +		return;
> +	}
> +
> +	mutex_lock(&optee->rpmb_dev_mutex);
> +	rdev = rpmb_dev_find_device(NULL, optee->rpmb_dev, rpc_rpmb_match);
> +	rpmb_dev_put(optee->rpmb_dev);
> +	optee->rpmb_dev = rdev;
> +	mutex_unlock(&optee->rpmb_dev_mutex);
> +
> +	if (!rdev) {
> +		arg->ret = TEEC_ERROR_ITEM_NOT_FOUND;
> +		return;
> +	}
> +
> +	if (params[1].u.memref.size < rdev->descr.dev_id_len) {
> +		arg->ret = TEEC_ERROR_SHORT_BUFFER;
> +		return;
> +	}
> +	memcpy(buf, rdev->descr.dev_id, rdev->descr.dev_id_len);
> +	params[1].u.memref.size = rdev->descr.dev_id_len;
> +	params[0].u.value.a = rpmb_type_to_rpc_type(rdev->descr.type);
> +	params[0].u.value.b = rdev->descr.capacity;
> +	params[0].u.value.c = rdev->descr.reliable_wr_count;
> +	if (optee->ops->to_msg_param(optee, arg->params,
> +				     arg->num_params, params)) {
> +		arg->ret = TEEC_ERROR_BAD_PARAMETERS;
> +		return;
> +	}
> +
> +	arg->ret = TEEC_SUCCESS;
> +}
> +
> +/* Request */
> +struct rpmb_req {
> +	u16 cmd;
> +#define RPMB_CMD_DATA_REQ      0x00
> +#define RPMB_CMD_GET_DEV_INFO  0x01
> +	u16 dev_id;
> +	u16 block_count;
> +	/* Optional data frames (rpmb_data_frame) follow */
> +};
> +
> +#define RPMB_REQ_DATA(req) ((void *)((struct rpmb_req *)(req) + 1))
> +
> +#define RPMB_CID_SZ 16
> +
> +/* Response to device info request */
> +struct rpmb_dev_info {
> +	u8 cid[RPMB_CID_SZ];
> +	u8 rpmb_size_mult;	/* RPMB size in units of 128kB */
> +	u8 reliable_wr_count;	/* RPMB write size in units of 256 bytes */
> +	u8 ret_code;
> +#define RPMB_CMD_GET_DEV_INFO_RET_OK     0x00
> +#define RPMB_CMD_GET_DEV_INFO_RET_ERROR  0x01
> +};
> +
> +static int get_dev_info(struct rpmb_dev *rdev, void *rsp, size_t rsp_size)
> +{
> +	struct rpmb_dev_info *dev_info;
> +
> +	if (rsp_size != sizeof(*dev_info))
> +		return TEEC_ERROR_BAD_PARAMETERS;
> +
> +	dev_info = rsp;
> +	memcpy(dev_info->cid, rdev->descr.dev_id, sizeof(dev_info->cid));
> +	dev_info->rpmb_size_mult = rdev->descr.capacity;
> +	dev_info->reliable_wr_count = rdev->descr.reliable_wr_count;
> +	dev_info->ret_code = RPMB_CMD_GET_DEV_INFO_RET_OK;
> +
> +	return TEEC_SUCCESS;
> +}
> +
> +/*
> + * req is one struct rpmb_req followed by one or more struct rpmb_data_frame
> + * rsp is either one struct rpmb_dev_info or one or more struct rpmb_data_frame
> + */
> +static u32 rpmb_process_request(struct optee *optee, struct rpmb_dev *rdev,
> +				void *req, size_t req_size,
> +				void *rsp, size_t rsp_size)
> +{
> +	struct rpmb_req *sreq = req;
> +	int rc;
> +
> +	if (req_size < sizeof(*sreq))
> +		return TEEC_ERROR_BAD_PARAMETERS;
> +
> +	switch (sreq->cmd) {
> +	case RPMB_CMD_DATA_REQ:
> +		rc = rpmb_route_frames(rdev, RPMB_REQ_DATA(req),
> +				       req_size - sizeof(struct rpmb_req),
> +				       rsp, rsp_size);
> +		if (rc)
> +			return TEEC_ERROR_BAD_PARAMETERS;
> +		return TEEC_SUCCESS;
> +	case RPMB_CMD_GET_DEV_INFO:
> +		return get_dev_info(rdev, rsp, rsp_size);
> +	default:
> +		return TEEC_ERROR_BAD_PARAMETERS;
> +	}
> +}
> +
> +static void handle_rpc_func_rpmb(struct tee_context *ctx, struct optee *optee,
> +				 struct optee_msg_arg *arg)
> +{
> +	struct tee_param params[2];
> +	struct rpmb_dev *rdev;
> +	void *p0, *p1;
> +
> +	mutex_lock(&optee->rpmb_dev_mutex);
> +	rdev = rpmb_dev_get(optee->rpmb_dev);
> +	mutex_unlock(&optee->rpmb_dev_mutex);
> +	if (!rdev) {
        mutex_lock(&optee->rpmb_dev_mutex);
        rdev = rpmb_dev_find_device(NULL, optee->rpmb_dev, rpc_rpmb_match);
        rpmb_dev_put(optee->rpmb_dev);
        optee->rpmb_dev = rdev;
        mutex_unlock(&optee->rpmb_dev_mutex);

        if (!rdev) {
            handle_rpc_supp_cmd(ctx, optee, arg);
            return;
        }
> + }

In optee_os core/pta/device.c:invoke_cmd():

    case PTA_CMD_GET_DEVICES_RPMB:
-           res = tee_rpmb_init();
+           res = tee_rpmb_reinit();

With tee_rpmb_reinit implemented like this:

TEE_Result tee_rpmb_reinit(void)
{
    TEE_Result res = rpmb_probe_reset();
    if (res) {
        if (res != TEE_ERROR_NOT_SUPPORTED)
            return res;
        return legacy_rpmb_init();
    }
    return tee_rpmb_init();
}

> +	if (arg->num_params != ARRAY_SIZE(params) ||
> +	    optee->ops->from_msg_param(optee, params, arg->num_params,
> +				       arg->params) ||
> +	    params[0].attr != TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INPUT ||
> +	    params[1].attr != TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT) {
> +		arg->ret = TEEC_ERROR_BAD_PARAMETERS;
> +		goto out;
> +	}
> +
> +	p0 = tee_shm_get_va(params[0].u.memref.shm,
> +			    params[0].u.memref.shm_offs);
> +	p1 = tee_shm_get_va(params[1].u.memref.shm,
> +			    params[1].u.memref.shm_offs);
> +	arg->ret = rpmb_process_request(optee, rdev, p0,
> +					params[0].u.memref.size,
> +					p1, params[1].u.memref.size);
> +	if (arg->ret)
> +		goto out;
> +
> +	if (optee->ops->to_msg_param(optee, arg->params,
> +				     arg->num_params, params))
> +		arg->ret = TEEC_ERROR_BAD_PARAMETERS;
> +out:
> +	rpmb_dev_put(rdev);
> +}
> +
>  void optee_rpc_cmd(struct tee_context *ctx, struct optee *optee,
>  		   struct optee_msg_arg *arg)
>  {
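Review bot: get_dev_info() copies sizeof(dev_info->cid) bytes from rdev->descr.dev_id without looking at rdev->descr.dev_id_len, whereas handle_rpc_func_rpmb_probe_next() copies exactly dev_id_len bytes; a device registered with a shorter id would be over-read here, so bound the copy by dev_id_len (zeroing the remainder) or reject such devices. In handle_rpc_func_rpmb() the pointers p0 and p1 returned by tee_shm_get_va() are passed to rpmb_process_request() with no validity check, although probe_next checks its buffer before use. Also, handle_rpc_func_rpmb_probe_reset() tests IS_ENABLED(CONFIG_RPMB) while probe_next tests IS_REACHABLE(CONFIG_RPMB); both handlers call rpmb_dev_put(), so they should use the same condition, and IS_REACHABLE looks like the one that is wanted.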
> @@ -271,6 +494,15 @@ void optee_rpc_cmd(struct tee_context *ctx, struct optee *optee,
>  	case OPTEE_RPC_CMD_I2C_TRANSFER:
>  		handle_rpc_func_cmd_i2c_transfer(ctx, arg);
>  		break;
> +	case OPTEE_RPC_CMD_RPMB_PROBE_RESET:
> +		handle_rpc_func_rpmb_probe_reset(ctx, optee, arg);
> +		break;
> +	case OPTEE_RPC_CMD_RPMB_PROBE_NEXT:
> +		handle_rpc_func_rpmb_probe_next(ctx, optee, arg);
> +		break;
> +	case OPTEE_RPC_CMD_RPMB:
> +		handle_rpc_func_rpmb(ctx, optee, arg);
> +		break;
>  	default:
>  		handle_rpc_supp_cmd(ctx, optee, arg);
>  	}
> diff --git a/drivers/tee/optee/smc_abi.c b/drivers/tee/optee/smc_abi.c
> index a37f87087e5c..c23bcf35c8cb 100644
> --- a/drivers/tee/optee/smc_abi.c
> +++ b/drivers/tee/optee/smc_abi.c
> @@ -20,6 +20,7 @@
>  #include <linux/of_irq.h>
>  #include <linux/of_platform.h>
>  #include <linux/platform_device.h>
> +#include <linux/rpmb.h>
>  #include <linux/sched.h>
>  #include <linux/slab.h>
>  #include <linux/string.h>
> @@ -1715,6 +1716,7 @@ static int optee_probe(struct platform_device *pdev)
>  	optee->smc.memremaped_shm = memremaped_shm;
>  	optee->pool = pool;
>  	optee_shm_arg_cache_init(optee, arg_cache_flags);
> +	mutex_init(&optee->rpmb_dev_mutex);
>  
>  	platform_set_drvdata(pdev, optee);
>  	ctx = teedev_open(optee->teedev);
> @@ -1769,6 +1771,9 @@ static int optee_probe(struct platform_device *pdev)
>  	if (rc)
>  		goto err_disable_shm_cache;
>  
> +	INIT_WORK(&optee->rpmb_scan_bus_work, optee_bus_scan_rpmb);
> +	optee->rpmb_intf.notifier_call = optee_rpmb_intf_rdev;
> +	rpmb_interface_register(&optee->rpmb_intf);
>  	pr_info("initialized driver\n");
>  	return 0;
>  
> @@ -1782,6 +1787,8 @@ static int optee_probe(struct platform_device *pdev)
>  err_close_ctx:
>  	teedev_close_context(ctx);
>  err_supp_uninit:
> +	rpmb_dev_put(optee->rpmb_dev);
> +	mutex_destroy(&optee->rpmb_dev_mutex);
>  	optee_shm_arg_cache_uninit(optee);
>  	optee_supp_uninit(&optee->supp);
>  	mutex_destroy(&optee->call_queue.mutex);
> -- 
> 2.34.1
> 


* Re: [PATCH v5 1/3] rpmb: add Replay Protected Memory Block (RPMB) subsystem
  2024-04-25  8:37   ` Manuel Traut
@ 2024-04-26 13:08     ` Jens Wiklander
  0 siblings, 0 replies; 26+ messages in thread
From: Jens Wiklander @ 2024-04-26 13:08 UTC (permalink / raw)
  To: Manuel Traut
  Cc: linux-kernel, linux-mmc, op-tee, Shyam Saini, Ulf Hansson,
	Linus Walleij, Jerome Forissier, Sumit Garg, Ilias Apalodimas,
	Bart Van Assche, Randy Dunlap, Ard Biesheuvel, Arnd Bergmann,
	Greg Kroah-Hartman, Tomas Winkler, Alex Bennée

On Thu, Apr 25, 2024 at 10:37 AM Manuel Traut <manut@mecka.net> wrote:
>
> On Mon, Apr 22, 2024 at 11:19:34AM +0200, Jens Wiklander wrote:
> > A number of storage technologies support a specialised hardware
> > partition designed to be resistant to replay attacks. The underlying
> > HW protocols differ but the operations are common. The RPMB partition
> > cannot be accessed via standard block layer, but by a set of specific
> > RPMB commands. Such a partition provides authenticated and replay
> > protected access, hence suitable as a secure storage.
> >
> > The initial aim of this patch is to provide a simple RPMB driver
> > interface which can be accessed by the optee driver to facilitate early
> > RPMB access to OP-TEE OS (secure OS) during the boot time.
> >
> > A TEE device driver can claim the RPMB interface, for example, via
> > rpmb_interface_register() or rpmb_dev_find_device(). The RPMB driver
> > provides a callback to route RPMB frames to the RPMB device accessible
> > via rpmb_route_frames().
> >
> > The detailed operation of implementing the access is left to the TEE
> > device driver itself.
> >
> > Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
> > Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
> > Signed-off-by: Shyam Saini <shyamsaini@linux.microsoft.com>
> > Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
> > Reviewed-by: Linus Walleij <linus.walleij@linaro.org>
> > ---
> >  MAINTAINERS              |   7 ++
> >  drivers/misc/Kconfig     |  10 ++
> >  drivers/misc/Makefile    |   1 +
> >  drivers/misc/rpmb-core.c | 232 +++++++++++++++++++++++++++++++++++++++
> >  include/linux/rpmb.h     | 136 +++++++++++++++++++++++
> >  5 files changed, 386 insertions(+)
> >  create mode 100644 drivers/misc/rpmb-core.c
> >  create mode 100644 include/linux/rpmb.h
> >
> > diff --git a/MAINTAINERS b/MAINTAINERS
> > index 8999497011a2..e83152c42499 100644
> > --- a/MAINTAINERS
> > +++ b/MAINTAINERS
> > @@ -19012,6 +19012,13 @@ T:   git git://linuxtv.org/media_tree.git
> >  F:   Documentation/devicetree/bindings/media/allwinner,sun8i-a83t-de2-rotate.yaml
> >  F:   drivers/media/platform/sunxi/sun8i-rotate/
> >
> > +RPMB SUBSYSTEM
> > +M:   Jens Wiklander <jens.wiklander@linaro.org>
> > +L:   linux-kernel@vger.kernel.org
> > +S:   Supported
> > +F:   drivers/misc/rpmb-core.c
> > +F:   include/linux/rpmb.h
> > +
> >  RPMSG TTY DRIVER
> >  M:   Arnaud Pouliquen <arnaud.pouliquen@foss.st.com>
> >  L:   linux-remoteproc@vger.kernel.org
> > diff --git a/drivers/misc/Kconfig b/drivers/misc/Kconfig
> > index 4fb291f0bf7c..dbff9e8c3a03 100644
> > --- a/drivers/misc/Kconfig
> > +++ b/drivers/misc/Kconfig
> > @@ -104,6 +104,16 @@ config PHANTOM
> >         If you choose to build module, its name will be phantom. If unsure,
> >         say N here.
> >
> > +config RPMB
> > +     tristate "RPMB partition interface"
> > +     depends on MMC
> > +     help
> > +       Unified RPMB unit interface for RPMB capable devices such as eMMC and
> > +       UFS. Provides interface for in-kernel security controllers to access
> > +       RPMB unit.
> > +
> > +       If unsure, select N.
> > +
> >  config TIFM_CORE
> >       tristate "TI Flash Media interface support"
> >       depends on PCI
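Review bot: config RPMB has "depends on MMC" while its help text describes a unified interface for RPMB capable devices such as eMMC and UFS. If the core is meant to be storage-agnostic, drop the dependency and let the MMC block driver depend on RPMB instead; otherwise narrow the help text to eMMC. Since the option is tristate, the help text could also name the module that is built when M is chosen.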
> > diff --git a/drivers/misc/Makefile b/drivers/misc/Makefile
> > index ea6ea5bbbc9c..8af058ad1df4 100644
> > --- a/drivers/misc/Makefile
> > +++ b/drivers/misc/Makefile
> > @@ -15,6 +15,7 @@ obj-$(CONFIG_LKDTM)         += lkdtm/
> >  obj-$(CONFIG_TIFM_CORE)              += tifm_core.o
> >  obj-$(CONFIG_TIFM_7XX1)              += tifm_7xx1.o
> >  obj-$(CONFIG_PHANTOM)                += phantom.o
> > +obj-$(CONFIG_RPMB)           += rpmb-core.o
> >  obj-$(CONFIG_QCOM_COINCELL)  += qcom-coincell.o
> >  obj-$(CONFIG_QCOM_FASTRPC)   += fastrpc.o
> >  obj-$(CONFIG_SENSORS_BH1770) += bh1770glc.o
> > diff --git a/drivers/misc/rpmb-core.c b/drivers/misc/rpmb-core.c
> > new file mode 100644
> > index 000000000000..5479469c26f3
> > --- /dev/null
> > +++ b/drivers/misc/rpmb-core.c
> > @@ -0,0 +1,232 @@
> > +// SPDX-License-Identifier: GPL-2.0
> > +/*
> > + * Copyright(c) 2015 - 2019 Intel Corporation. All rights reserved.
> > + * Copyright(c) 2021 - 2024 Linaro Ltd.
> > + */
> > +#include <linux/device.h>
> > +#include <linux/init.h>
> > +#include <linux/kernel.h>
> > +#include <linux/list.h>
> > +#include <linux/module.h>
> > +#include <linux/mutex.h>
> > +#include <linux/rpmb.h>
> > +#include <linux/slab.h>
> > +
> > +static struct list_head rpmb_dev_list;
> > +static DEFINE_MUTEX(rpmb_mutex);
> > +static struct blocking_notifier_head rpmb_interface =
> > +     BLOCKING_NOTIFIER_INIT(rpmb_interface);
> > +
> > +/**
> > + * rpmb_dev_get() - increase rpmb device ref counter
> > + * @rdev: rpmb device
> > + */
> > +struct rpmb_dev *rpmb_dev_get(struct rpmb_dev *rdev)
> > +{
> > +     if (rdev)
> > +             get_device(rdev->parent_dev);
> > +     return rdev;
> > +}
> > +EXPORT_SYMBOL_GPL(rpmb_dev_get);
> > +
> > +/**
> > + * rpmb_dev_put() - decrease rpmb device ref counter
> > + * @rdev: rpmb device
> > + */
> > +void rpmb_dev_put(struct rpmb_dev *rdev)
> > +{
> > +     if (rdev)
> > +             put_device(rdev->parent_dev);
> > +}
> > +EXPORT_SYMBOL_GPL(rpmb_dev_put);
> > +
> > +/**
> > + * rpmb_route_frames() - route rpmb frames to rpmb device
> > + * @rdev:    rpmb device
> > + * @req:     rpmb request frames
> > + * @req_len: length of rpmb request frames in bytes
> > + * @rsp:     rpmb response frames
> > + * @rsp_len: length of rpmb response frames in bytes
> > + *
> > + * Returns: < 0 on failure
> > + */
> > +int rpmb_route_frames(struct rpmb_dev *rdev, u8 *req,
> > +                   unsigned int req_len, u8 *rsp, unsigned int rsp_len)
> > +{
> > +     if (!req || !req_len || !rsp || !rsp_len)
> > +             return -EINVAL;
> > +
> > +     return rdev->descr.route_frames(rdev->parent_dev, req, req_len,
> > +                                     rsp, rsp_len);
> > +}
> > +EXPORT_SYMBOL_GPL(rpmb_route_frames);
> > +
> > +/**
> > + * rpmb_dev_find_device() - return first matching rpmb device
> > + * @data: data for the match function
> > + * @match: the matching function
> > + *
> > + * Iterate over registered RPMB devices, and call @match() for each passing
> > + * it the RPMB device and @data.
> > + *
> > + * The return value of @match() is checked for each call. If it returns
> > + * anything other 0, break and return the found RPMB device.
> > + *
> > + * It's the callers responsibility to call rpmb_dev_put() on the returned
> > + * device, when it's done with it.
> > + *
> > + * Returns: a matching rpmb device or NULL on failure
> > + */
> > +struct rpmb_dev *rpmb_dev_find_device(const void *data,
> > +                                   const struct rpmb_dev *start,
> > +                                   int (*match)(struct rpmb_dev *rdev,
> > +                                                const void *data))
> > +{
> > +     struct rpmb_dev *rdev;
> > +     struct list_head *pos;
> > +
> > +     mutex_lock(&rpmb_mutex);
> > +     if (start)
> > +             pos = start->list_node.next;
> > +     else
> > +             pos = rpmb_dev_list.next;
> > +
> > +     while (pos != &rpmb_dev_list) {
> > +             rdev = container_of(pos, struct rpmb_dev, list_node);
> > +             if (match(rdev, data)) {
> > +                     rpmb_dev_get(rdev);
> > +                     goto out;
> > +             }
> > +             pos = pos->next;
> > +     }
> > +     rdev = NULL;
> > +
> > +out:
> > +     mutex_unlock(&rpmb_mutex);
> > +
> > +     return rdev;
> > +}
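Review bot: in rpmb_dev_find_device() the walk resumes from start->list_node.next, but nothing in this function confirms that start is still linked into rpmb_dev_list; the reference taken by rpmb_dev_get() is on rdev->parent_dev and does not by itself keep the entry on the list. Please document or enforce what keeps start valid if the device is unregistered between two calls. The kernel-doc also lacks an @start entry, "anything other 0" should read "anything other than 0", and rpmb_route_frames() dereferences rdev without the NULL check that rpmb_dev_get() and rpmb_dev_put() have. rpmb_dev_list is declared without an initializer in the lines shown; LIST_HEAD(rpmb_dev_list) would make it valid from the start.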
>
> EXPORT_SYMBOL_GPL missing?

You're right, I'll add it.

Thanks,
Jens


* Re: [PATCH v5 2/3] mmc: block: register RPMB partition with the RPMB subsystem
  2024-04-25  8:42   ` Manuel Traut
@ 2024-04-26 13:24     ` Jens Wiklander
  2024-04-29  9:40       ` Manuel Traut
  0 siblings, 1 reply; 26+ messages in thread
From: Jens Wiklander @ 2024-04-26 13:24 UTC (permalink / raw)
  To: Manuel Traut
  Cc: linux-kernel, linux-mmc, op-tee, Shyam Saini, Ulf Hansson,
	Linus Walleij, Jerome Forissier, Sumit Garg, Ilias Apalodimas,
	Bart Van Assche, Randy Dunlap, Ard Biesheuvel, Arnd Bergmann,
	Greg Kroah-Hartman, Tomas Winkler, Alexander Usyskin

On Thu, Apr 25, 2024 at 10:43 AM Manuel Traut <manut@mecka.net> wrote:
>
> On Mon, Apr 22, 2024 at 11:19:35AM +0200, Jens Wiklander wrote:
> > Register eMMC RPMB partition with the RPMB subsystem and provide
> > an implementation for the RPMB access operations abstracting
> > the actual multi step process.
> >
> > Add a callback to extract the needed device information at registration
> > to avoid accessing the struct mmc_card at a later stage as we're not
> > holding a reference counter for this struct.
> >
> > Taking the needed reference to md->disk in mmc_blk_alloc_rpmb_part()
> > instead of in mmc_rpmb_chrdev_open(). This is needed by the
> > route_frames() function pointer in struct rpmb_ops.
> >
> > Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
> > Signed-off-by: Alexander Usyskin <alexander.usyskin@intel.com>
> > Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
> > ---
> >  drivers/mmc/core/block.c | 241 ++++++++++++++++++++++++++++++++++++++-
> >  1 file changed, 239 insertions(+), 2 deletions(-)
> >
> > diff --git a/drivers/mmc/core/block.c b/drivers/mmc/core/block.c
> > index 32d49100dff5..a7f126fbc605 100644
> > --- a/drivers/mmc/core/block.c
> > +++ b/drivers/mmc/core/block.c
> > @@ -33,6 +33,7 @@
> >  #include <linux/cdev.h>
> >  #include <linux/mutex.h>
> >  #include <linux/scatterlist.h>
> > +#include <linux/string.h>
> >  #include <linux/string_helpers.h>
> >  #include <linux/delay.h>
> >  #include <linux/capability.h>
> > @@ -40,6 +41,7 @@
> >  #include <linux/pm_runtime.h>
> >  #include <linux/idr.h>
> >  #include <linux/debugfs.h>
> > +#include <linux/rpmb.h>
> >
> >  #include <linux/mmc/ioctl.h>
> >  #include <linux/mmc/card.h>
> > @@ -76,6 +78,48 @@ MODULE_ALIAS("mmc:block");
> >  #define MMC_EXTRACT_INDEX_FROM_ARG(x) ((x & 0x00FF0000) >> 16)
> >  #define MMC_EXTRACT_VALUE_FROM_ARG(x) ((x & 0x0000FF00) >> 8)
> >
> > +/**
> > + * struct rpmb_frame - rpmb frame as defined by eMMC 5.1 (JESD84-B51)
> > + *
> > + * @stuff        : stuff bytes
> > + * @key_mac      : The authentication key or the message authentication
> > + *                 code (MAC) depending on the request/response type.
> > + *                 The MAC will be delivered in the last (or the only)
> > + *                 block of data.
> > + * @data         : Data to be written or read by signed access.
> > + * @nonce        : Random number generated by the host for the requests
> > + *                 and copied to the response by the RPMB engine.
> > + * @write_counter: Counter value for the total amount of the successful
> > + *                 authenticated data write requests made by the host.
> > + * @addr         : Address of the data to be programmed to or read
> > + *                 from the RPMB. Address is the serial number of
> > + *                 the accessed block (half sector 256B).
> > + * @block_count  : Number of blocks (half sectors, 256B) requested to be
> > + *                 read/programmed.
> > + * @result       : Includes information about the status of the write counter
> > + *                 (valid, expired) and result of the access made to the RPMB.
> > + * @req_resp     : Defines the type of request and response to/from the memory.
> > + *
> > + * The stuff bytes and big-endian properties are modeled to fit to the spec.
> > + */
> > +struct rpmb_frame {
> > +     u8     stuff[196];
> > +     u8     key_mac[32];
> > +     u8     data[256];
> > +     u8     nonce[16];
> > +     __be32 write_counter;
> > +     __be16 addr;
> > +     __be16 block_count;
> > +     __be16 result;
> > +     __be16 req_resp;
> > +} __packed;
> > +
> > +#define RPMB_PROGRAM_KEY       0x1    /* Program RPMB Authentication Key */
> > +#define RPMB_GET_WRITE_COUNTER 0x2    /* Read RPMB write counter */
> > +#define RPMB_WRITE_DATA        0x3    /* Write data to RPMB partition */
> > +#define RPMB_READ_DATA         0x4    /* Read data from RPMB partition */
> > +#define RPMB_RESULT_READ       0x5    /* Read result request  (Internal) */
> > +
> >  static DEFINE_MUTEX(block_mutex);
> >
> >  /*
> > @@ -163,6 +207,7 @@ struct mmc_rpmb_data {
> >       int id;
> >       unsigned int part_index;
> >       struct mmc_blk_data *md;
> > +     struct rpmb_dev *rdev;
> >       struct list_head node;
> >  };
> >
> > @@ -2672,7 +2717,6 @@ static int mmc_rpmb_chrdev_open(struct inode *inode, struct file *filp)
> >
> >       get_device(&rpmb->dev);
> >       filp->private_data = rpmb;
> > -     mmc_blk_get(rpmb->md->disk);
> >
> >       return nonseekable_open(inode, filp);
> >  }
> > @@ -2682,7 +2726,6 @@ static int mmc_rpmb_chrdev_release(struct inode *inode, struct file *filp)
> >       struct mmc_rpmb_data *rpmb = container_of(inode->i_cdev,
> >                                                 struct mmc_rpmb_data, chrdev);
> >
> > -     mmc_blk_put(rpmb->md);
> >       put_device(&rpmb->dev);
> >
> >       return 0;
> > @@ -2703,10 +2746,165 @@ static void mmc_blk_rpmb_device_release(struct device *dev)
> >  {
> >       struct mmc_rpmb_data *rpmb = dev_get_drvdata(dev);
> >
> > +     rpmb_dev_unregister(rpmb->rdev);
> > +     mmc_blk_put(rpmb->md);
> >       ida_simple_remove(&mmc_rpmb_ida, rpmb->id);
> >       kfree(rpmb);
> >  }
> >
> > +static void free_idata(struct mmc_blk_ioc_data **idata, unsigned int cmd_count)
> > +{
> > +     unsigned int n;
> > +
> > +     for (n = 0; n < cmd_count; n++)
> > +             kfree(idata[n]);
> > +     kfree(idata);
> > +}
> > +
> > +static struct mmc_blk_ioc_data **alloc_idata(struct mmc_rpmb_data *rpmb,
> > +                                          unsigned int cmd_count)
> > +{
> > +     struct mmc_blk_ioc_data **idata;
> > +     unsigned int n;
> > +
> > +     idata = kcalloc(cmd_count, sizeof(*idata), GFP_KERNEL);
> > +     if (!idata)
> > +             return NULL;
> > +
> > +     for (n = 0; n < cmd_count; n++) {
> > +             idata[n] = kcalloc(1, sizeof(**idata), GFP_KERNEL);
> > +             if (!idata[n]) {
> > +                     free_idata(idata, n);
> > +                     return NULL;
> > +             }
> > +             idata[n]->rpmb = rpmb;
> > +     }
> > +
> > +     return idata;
> > +}
> > +
> > +static void set_idata(struct mmc_blk_ioc_data *idata, u32 opcode,
> > +                   int write_flag, u8 *buf, unsigned int buf_bytes)
> > +{
> > +     /*
> > +      * The size of an RPMB frame must match what's expected by the
> > +      * hardware.
> > +      */
> > +     BUILD_BUG_ON(sizeof(struct rpmb_frame) != 512);
> > +
> > +     idata->ic.opcode = opcode;
> > +     idata->ic.flags = MMC_RSP_R1 | MMC_CMD_ADTC;
> > +     idata->ic.write_flag = write_flag;
> > +     idata->ic.blksz = sizeof(struct rpmb_frame);
> > +     idata->ic.blocks = buf_bytes /  idata->ic.blksz;
> > +     idata->buf = buf;
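Review bot: set_idata() computes idata->ic.blocks as buf_bytes / idata->ic.blksz with no check that buf_bytes is a non-zero multiple of sizeof(struct rpmb_frame), so a short or misaligned length is silently rounded down, possibly to 0 blocks. Validate the length before it gets here, or make set_idata() return an error. The function also stores the caller's buf pointer directly in idata->buf; a comment stating what memory the caller must supply (for example whether it has to be usable for DMA by the host controller) would make that contract explicit. Minor: kcalloc(1, sizeof(**idata), GFP_KERNEL) in alloc_idata() reads better as kzalloc(), and there is a double space after the '/'.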
>
> I tested the series on an i.MX8MM with an eMMC connected via the imx-sdhci
> controller. Reading from RPMB does not work. It ends in timeouts due to
> no response from the SDHCI controller.
>
> If idata->buf is allocated here with kmalloc(buf_bytes, GFP_KERNEL) and
> the content of buf is copied to the newly allocated area, transfers succeed.
>
> Is it possible that idata->buf is not DMA capable? Any other ideas?

Thanks for testing. I don't know, the idata->buf is allocated using
alloc_pages_exact(nr_pages * PAGE_SIZE, GFP_KERNEL | __GFP_ZERO); in
optee_pool_op_alloc_helper(). Alternatively, it's from the memory
range mapped using memremap() in optee_config_shm_memremap(), but
that's only if you don't have "dynamic shared memory is enabled" in
the boot log.

Thanks,
Jens


* Re: [PATCH v5 3/3] optee: probe RPMB device using RPMB subsystem
  2024-04-25  9:13   ` Manuel Traut
@ 2024-04-26 13:40     ` Jens Wiklander
  2024-05-03 14:37       ` Manuel Traut
  0 siblings, 1 reply; 26+ messages in thread
From: Jens Wiklander @ 2024-04-26 13:40 UTC (permalink / raw)
  To: Manuel Traut
  Cc: linux-kernel, linux-mmc, op-tee, Shyam Saini, Ulf Hansson,
	Linus Walleij, Jerome Forissier, Sumit Garg, Ilias Apalodimas,
	Bart Van Assche, Randy Dunlap, Ard Biesheuvel, Arnd Bergmann,
	Greg Kroah-Hartman

On Thu, Apr 25, 2024 at 11:13 AM Manuel Traut <manut@mecka.net> wrote:
>
> On Mon, Apr 22, 2024 at 11:19:36AM +0200, Jens Wiklander wrote:
> > Adds support in the OP-TEE drivers (both SMC and FF-A ABIs) to probe and
> > use an RPMB device via the RPMB subsystem instead of passing the RPMB
> > frames via tee-supplicant in user space. A fallback mechanism is kept to
> > route RPMB frames via tee-supplicant if the RPMB subsystem isn't
> > available.
> >
> > The OP-TEE RPC ABI is extended to support iterating over all RPMB
> > devices until one is found with the expected RPMB key already
> > programmed.
>
> I tested this with fTPM running as built-in TA in optee_os.
> The first user of the TA is u-boot. u-boot handles the RPMB requests.
>
> If the tpm-ftpm-tee kernel driver gets probed it also triggers some
> RPMB requests. However they are not handled by the new RPMB subsystem.
>
> I did some workaround (see below) but I guess this is no good solution.
> Need to think longer about this..

That's interesting. Again, thanks for testing.

>
> > Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
> > ---
> >  drivers/tee/optee/core.c          |  30 ++++
> >  drivers/tee/optee/device.c        |   7 +
> >  drivers/tee/optee/ffa_abi.c       |   8 ++
> >  drivers/tee/optee/optee_private.h |  21 ++-
> >  drivers/tee/optee/optee_rpc_cmd.h |  35 +++++
> >  drivers/tee/optee/rpc.c           | 232 ++++++++++++++++++++++++++++++
> >  drivers/tee/optee/smc_abi.c       |   7 +
> >  7 files changed, 339 insertions(+), 1 deletion(-)
> >
> > diff --git a/drivers/tee/optee/core.c b/drivers/tee/optee/core.c
> > index 3aed554bc8d8..082691c10a90 100644
> > --- a/drivers/tee/optee/core.c
> > +++ b/drivers/tee/optee/core.c
> > @@ -11,6 +11,7 @@
> >  #include <linux/io.h>
> >  #include <linux/mm.h>
> >  #include <linux/module.h>
> > +#include <linux/rpmb.h>
> >  #include <linux/slab.h>
> >  #include <linux/string.h>
> >  #include <linux/tee_drv.h>
> > @@ -80,6 +81,31 @@ void optee_pool_op_free_helper(struct tee_shm_pool *pool, struct tee_shm *shm,
> >       shm->pages = NULL;
> >  }
> >
> > +void optee_bus_scan_rpmb(struct work_struct *work)
> > +{
> > +     struct optee *optee = container_of(work, struct optee,
> > +                                        rpmb_scan_bus_work);
> > +     int ret;
> > +
> > +     if (!optee->rpmb_scan_bus_done) {
> > +             ret = optee_enumerate_devices(PTA_CMD_GET_DEVICES_RPMB);
> > +             optee->rpmb_scan_bus_done = !ret;
> > +             if (ret && ret != -ENODEV)
> > +                     pr_info("Scanning for RPMB device: ret %d\n", ret);
> > +     }
> > +}
> > +
> > +int optee_rpmb_intf_rdev(struct notifier_block *intf, unsigned long action,
> > +                      void *data)
> > +{
> > +     struct optee *optee = container_of(intf, struct optee, rpmb_intf);
> > +
> > +     if (action == RPMB_NOTIFY_ADD_DEVICE)
> > +             schedule_work(&optee->rpmb_scan_bus_work);
> > +
> > +     return 0;
> > +}
> > +
> >  static void optee_bus_scan(struct work_struct *work)
> >  {
> >       WARN_ON(optee_enumerate_devices(PTA_CMD_GET_DEVICES_SUPP));
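Review bot: optee_rpmb_intf_rdev() returns a bare 0 from a notifier callback; NOTIFY_DONE (or NOTIFY_OK) would state the intent. In optee_bus_scan_rpmb() a failed scan other than -ENODEV is reported with pr_info(), where pr_warn() or pr_err() would fit an error better. rpmb_scan_bus_done is read and written without optee->rpmb_dev_mutex or any other lock, so a comment on why the work item alone is enough to serialise it would help.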
> > @@ -161,6 +187,8 @@ void optee_release_supp(struct tee_context *ctx)
> >
> >  void optee_remove_common(struct optee *optee)
> >  {
> > +     rpmb_interface_unregister(&optee->rpmb_intf);
> > +     cancel_work_sync(&optee->rpmb_scan_bus_work);
> >       /* Unregister OP-TEE specific client devices on TEE bus */
> >       optee_unregister_devices();
> >
> > @@ -177,6 +205,8 @@ void optee_remove_common(struct optee *optee)
> >       tee_shm_pool_free(optee->pool);
> >       optee_supp_uninit(&optee->supp);
> >       mutex_destroy(&optee->call_queue.mutex);
> > +     rpmb_dev_put(optee->rpmb_dev);
> > +     mutex_destroy(&optee->rpmb_dev_mutex);
> >  }
> >
> >  static int smc_abi_rc;
> > diff --git a/drivers/tee/optee/device.c b/drivers/tee/optee/device.c
> > index 4b1092127694..4274876857c8 100644
> > --- a/drivers/tee/optee/device.c
> > +++ b/drivers/tee/optee/device.c
> > @@ -43,6 +43,13 @@ static int get_devices(struct tee_context *ctx, u32 session,
> >       ret = tee_client_invoke_func(ctx, &inv_arg, param);
> >       if ((ret < 0) || ((inv_arg.ret != TEEC_SUCCESS) &&
> >                         (inv_arg.ret != TEEC_ERROR_SHORT_BUFFER))) {
> > +             /*
> > +              * TEE_ERROR_STORAGE_NOT_AVAILABLE is returned when getting
> > +              * the list of device TAs that depends on RPMB but a usable
> > +              * RPMB device isn't found.
> > +              */
> > +             if (inv_arg.ret == TEE_ERROR_STORAGE_NOT_AVAILABLE)
> > +                     return -ENODEV;
> >               pr_err("PTA_CMD_GET_DEVICES invoke function err: %x\n",
> >                      inv_arg.ret);
> >               return -EINVAL;
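Review bot: the new inv_arg.ret == TEE_ERROR_STORAGE_NOT_AVAILABLE test sits inside the branch that is also taken when ret < 0, so inv_arg.ret is examined even when tee_client_invoke_func() itself failed. Check ret first and only then map the TEE result code to -ENODEV. The comment speaks of device TAs that depend on RPMB, but get_devices() applies the mapping to every enumeration command; if that is intended, say so in the comment.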
> > diff --git a/drivers/tee/optee/ffa_abi.c b/drivers/tee/optee/ffa_abi.c
> > index ecb5eb079408..a8dfdb30b4e8 100644
> > --- a/drivers/tee/optee/ffa_abi.c
> > +++ b/drivers/tee/optee/ffa_abi.c
> > @@ -7,6 +7,7 @@
> >
> >  #include <linux/arm_ffa.h>
> >  #include <linux/errno.h>
> > +#include <linux/rpmb.h>
> >  #include <linux/scatterlist.h>
> >  #include <linux/sched.h>
> >  #include <linux/slab.h>
> > @@ -934,6 +935,7 @@ static int optee_ffa_probe(struct ffa_device *ffa_dev)
> >       optee_cq_init(&optee->call_queue, 0);
> >       optee_supp_init(&optee->supp);
> >       optee_shm_arg_cache_init(optee, arg_cache_flags);
> > +     mutex_init(&optee->rpmb_dev_mutex);
> >       ffa_dev_set_drvdata(ffa_dev, optee);
> >       ctx = teedev_open(optee->teedev);
> >       if (IS_ERR(ctx)) {
> > @@ -955,6 +957,9 @@ static int optee_ffa_probe(struct ffa_device *ffa_dev)
> >       if (rc)
> >               goto err_unregister_devices;
> >
> > +     INIT_WORK(&optee->rpmb_scan_bus_work, optee_bus_scan_rpmb);
> > +     optee->rpmb_intf.notifier_call = optee_rpmb_intf_rdev;
> > +     rpmb_interface_register(&optee->rpmb_intf);
> >       pr_info("initialized driver\n");
> >       return 0;
> >
> > @@ -968,6 +973,9 @@ static int optee_ffa_probe(struct ffa_device *ffa_dev)
> >       teedev_close_context(ctx);
> >  err_rhashtable_free:
> >       rhashtable_free_and_destroy(&optee->ffa.global_ids, rh_free_fn, NULL);
> > +     rpmb_dev_put(optee->rpmb_dev);
> > +     mutex_destroy(&optee->rpmb_dev_mutex);
> > +     rpmb_interface_unregister(&optee->rpmb_intf);
> >       optee_supp_uninit(&optee->supp);
> >       mutex_destroy(&optee->call_queue.mutex);
> >       mutex_destroy(&optee->ffa.mutex);
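Review bot: The cleanup added under err_rhashtable_free calls rpmb_interface_unregister(&optee->rpmb_intf), but in the probe hunk above rpmb_interface_register() is the last step before `return 0`, so no failing path reaches this label with the notifier registered. Either drop the unregister here, as the matching error path in smc_abi.c does, or register earlier and unwind it under its own label. If the unregister stays, teardown should mirror setup: mutex_init() comes first and registration last, so the unregister belongs before mutex_destroy(&optee->rpmb_dev_mutex), not after it.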
> > diff --git a/drivers/tee/optee/optee_private.h b/drivers/tee/optee/optee_private.h
> > index 7a5243c78b55..ae72f3dda1d2 100644
> > --- a/drivers/tee/optee/optee_private.h
> > +++ b/drivers/tee/optee/optee_private.h
> > @@ -8,6 +8,7 @@
> >
> >  #include <linux/arm-smccc.h>
> >  #include <linux/rhashtable.h>
> > +#include <linux/rpmb.h>
> >  #include <linux/semaphore.h>
> >  #include <linux/tee_drv.h>
> >  #include <linux/types.h>
> > @@ -20,11 +21,13 @@
> >  /* Some Global Platform error codes used in this driver */
> >  #define TEEC_SUCCESS                 0x00000000
> >  #define TEEC_ERROR_BAD_PARAMETERS    0xFFFF0006
> > +#define TEEC_ERROR_ITEM_NOT_FOUND    0xFFFF0008
> >  #define TEEC_ERROR_NOT_SUPPORTED     0xFFFF000A
> >  #define TEEC_ERROR_COMMUNICATION     0xFFFF000E
> >  #define TEEC_ERROR_OUT_OF_MEMORY     0xFFFF000C
> >  #define TEEC_ERROR_BUSY                      0xFFFF000D
> >  #define TEEC_ERROR_SHORT_BUFFER              0xFFFF0010
> > +#define TEE_ERROR_STORAGE_NOT_AVAILABLE 0xF0100003
> >
> >  #define TEEC_ORIGIN_COMMS            0x00000002
> >
> > @@ -197,6 +200,12 @@ struct optee_ops {
> >   * @notif:           notification synchronization struct
> >   * @supp:            supplicant synchronization struct for RPC to supplicant
> >   * @pool:            shared memory pool
> > + * @mutex:           mutex protecting @rpmb_dev
> > + * @rpmb_dev:                current RPMB device or NULL
> > + * @rpmb_scan_bus_done       flag if device registation of RPMB dependent devices
> > + *                   was already done
> > + * @rpmb_scan_bus_work       workq to for an RPMB device and to scan optee bus
> > + *                   and register RPMB dependent optee drivers
> >   * @rpc_param_count: If > 0 number of RPC parameters to make room for
> >   * @scan_bus_done    flag if device registation was already done.
> >   * @scan_bus_work    workq to scan optee bus and register optee drivers
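Review bot: The kernel-doc entries added for struct optee do not match the members the next hunk adds: `@mutex` describes a field that is actually named rpmb_dev_mutex, and rpmb_intf has no entry at all. The `@rpmb_scan_bus_done` and `@rpmb_scan_bus_work` entries lack the colon after the member name, "registation" should be "registration", and "workq to for an RPMB device" is missing a verb (presumably "to scan for").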
> > @@ -215,9 +224,15 @@ struct optee {
> >       struct optee_notif notif;
> >       struct optee_supp supp;
> >       struct tee_shm_pool *pool;
> > +     /* Protects rpmb_dev pointer */
> > +     struct mutex rpmb_dev_mutex;
> > +     struct rpmb_dev *rpmb_dev;
> > +     struct notifier_block rpmb_intf;
> >       unsigned int rpc_param_count;
> > -     bool   scan_bus_done;
> > +     bool scan_bus_done;
> > +     bool rpmb_scan_bus_done;
> >       struct work_struct scan_bus_work;
> > +     struct work_struct rpmb_scan_bus_work;
> >  };
> >
> >  struct optee_session {
> > @@ -280,8 +295,12 @@ int optee_cancel_req(struct tee_context *ctx, u32 cancel_id, u32 session);
> >
> >  #define PTA_CMD_GET_DEVICES          0x0
> >  #define PTA_CMD_GET_DEVICES_SUPP     0x1
> > +#define PTA_CMD_GET_DEVICES_RPMB     0x2
> >  int optee_enumerate_devices(u32 func);
> >  void optee_unregister_devices(void);
> > +void optee_bus_scan_rpmb(struct work_struct *work);
> > +int optee_rpmb_intf_rdev(struct notifier_block *intf, unsigned long action,
> > +                      void *data);
> >
> >  int optee_pool_op_alloc_helper(struct tee_shm_pool *pool, struct tee_shm *shm,
> >                              size_t size, size_t align,
> > diff --git a/drivers/tee/optee/optee_rpc_cmd.h b/drivers/tee/optee/optee_rpc_cmd.h
> > index f3f06e0994a7..f351a8ac69fc 100644
> > --- a/drivers/tee/optee/optee_rpc_cmd.h
> > +++ b/drivers/tee/optee/optee_rpc_cmd.h
> > @@ -16,6 +16,14 @@
> >   * and sends responses.
> >   */
> >
> > +/*
> > + * Replay Protected Memory Block access
> > + *
> > + * [in]     memref[0]            Frames to device
> > + * [out]    memref[1]            Frames from device
> > + */
> > +#define OPTEE_RPC_CMD_RPMB           1
> > +
> >  /*
> >   * Get time
> >   *
> > @@ -103,4 +111,31 @@
> >  /* I2C master control flags */
> >  #define OPTEE_RPC_I2C_FLAGS_TEN_BIT  BIT(0)
> >
> > +/*
> > + * Reset RPMB probing
> > + *
> > + * Releases an eventually already used RPMB devices and starts over searching
> > + * for RPMB devices. Returns the kind of shared memory to use in subsequent
> > + * OPTEE_RPC_CMD_RPMB_PROBE_NEXT and OPTEE_RPC_CMD_RPMB calls.
> > + *
> > + * [out]    value[0].a           OPTEE_RPC_SHM_TYPE_*, the parameter for
> > + *                       OPTEE_RPC_CMD_SHM_ALLOC
> > + */
> > +#define OPTEE_RPC_CMD_RPMB_PROBE_RESET       22
> > +
> > +/*
> > + * Probe next RPMB device
> > + *
> > + * [out]    value[0].a           Type of RPMB device, OPTEE_RPC_RPMB_*
> > + * [out]    value[0].b           EXT CSD-slice 168 "RPMB Size"
> > + * [out]    value[0].c           EXT CSD-slice 222 "Reliable Write Sector Count"
> > + * [out]    memref[1]       Buffer with the raw CID
> > + */
> > +#define OPTEE_RPC_CMD_RPMB_PROBE_NEXT        23
> > +
> > +/* Type of RPMB device */
> > +#define OPTEE_RPC_RPMB_EMMC          0
> > +#define OPTEE_RPC_RPMB_UFS           1
> > +#define OPTEE_RPC_RPMB_NVME          2
> > +
> >  #endif /*__OPTEE_RPC_CMD_H*/
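Review bot: The OPTEE_RPC_CMD_RPMB_PROBE_NEXT comment describes value[0].b, value[0].c and memref[1] only in eMMC terms (EXT CSD slices 168 and 222, raw CID), while value[0].a can also report OPTEE_RPC_RPMB_UFS or OPTEE_RPC_RPMB_NVME. Please document what these three outputs carry for the other device types, or state that they are only defined for OPTEE_RPC_RPMB_EMMC. In the PROBE_RESET comment, "Releases an eventually already used RPMB devices" would read better as "Releases any RPMB device already in use".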
> > diff --git a/drivers/tee/optee/rpc.c b/drivers/tee/optee/rpc.c
> > index e69bc6380683..a3e4c1830f39 100644
> > --- a/drivers/tee/optee/rpc.c
> > +++ b/drivers/tee/optee/rpc.c
> > @@ -7,6 +7,7 @@
> >
> >  #include <linux/delay.h>
> >  #include <linux/i2c.h>
> > +#include <linux/rpmb.h>
> >  #include <linux/slab.h>
> >  #include <linux/tee_drv.h>
> >  #include "optee_private.h"
> > @@ -255,6 +256,228 @@ void optee_rpc_cmd_free_suppl(struct tee_context *ctx, struct tee_shm *shm)
> >       optee_supp_thrd_req(ctx, OPTEE_RPC_CMD_SHM_FREE, 1, &param);
> >  }
> >
> > +static void handle_rpc_func_rpmb_probe_reset(struct tee_context *ctx,
> > +                                          struct optee *optee,
> > +                                          struct optee_msg_arg *arg)
> > +{
> > +     struct tee_param params[1];
> > +
> > +     if (!IS_ENABLED(CONFIG_RPMB)) {
> > +             handle_rpc_supp_cmd(ctx, optee, arg);
> > +             return;
> > +     }
> > +
> > +     if (arg->num_params != ARRAY_SIZE(params) ||
> > +         optee->ops->from_msg_param(optee, params, arg->num_params,
> > +                                    arg->params) ||
> > +         params[0].attr != TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_OUTPUT) {
> > +             arg->ret = TEEC_ERROR_BAD_PARAMETERS;
> > +             return;
> > +     }
> > +
> > +     params[0].u.value.a = OPTEE_RPC_SHM_TYPE_KERNEL;
> > +     params[0].u.value.b = 0;
> > +     params[0].u.value.c = 0;
> > +     if (optee->ops->to_msg_param(optee, arg->params,
> > +                                  arg->num_params, params)) {
> > +             arg->ret = TEEC_ERROR_BAD_PARAMETERS;
> > +             return;
> > +     }
> > +
> > +     mutex_lock(&optee->rpmb_dev_mutex);
> > +     rpmb_dev_put(optee->rpmb_dev);
> > +     optee->rpmb_dev = NULL;
> > +     mutex_unlock(&optee->rpmb_dev_mutex);
> > +
> > +     arg->ret = TEEC_SUCCESS;
> > +}
> > +
> > +static int rpmb_type_to_rpc_type(enum rpmb_type rtype)
> > +{
> > +     switch (rtype) {
> > +     case RPMB_TYPE_EMMC:
> > +             return OPTEE_RPC_RPMB_EMMC;
> > +     case RPMB_TYPE_UFS:
> > +             return OPTEE_RPC_RPMB_UFS;
> > +     case RPMB_TYPE_NVME:
> > +             return OPTEE_RPC_RPMB_NVME;
> > +     default:
> > +             return -1;
> > +     }
> > +}
> > +
> > +static int rpc_rpmb_match(struct rpmb_dev *rdev, const void *data)
> > +{
> > +     return rpmb_type_to_rpc_type(rdev->descr.type) >= 0;
> > +}
> > +
> > +static void handle_rpc_func_rpmb_probe_next(struct tee_context *ctx,
> > +                                         struct optee *optee,
> > +                                         struct optee_msg_arg *arg)
> > +{
> > +     struct rpmb_dev *rdev;
> > +     struct tee_param params[2];
> > +     void *buf;
> > +
> > +     if (!IS_REACHABLE(CONFIG_RPMB)) {
> > +             handle_rpc_supp_cmd(ctx, optee, arg);
> > +             return;
> > +     }
> > +
> > +     if (arg->num_params != ARRAY_SIZE(params) ||
> > +         optee->ops->from_msg_param(optee, params, arg->num_params,
> > +                                    arg->params) ||
> > +         params[0].attr != TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_OUTPUT ||
> > +         params[1].attr != TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT) {
> > +             arg->ret = TEEC_ERROR_BAD_PARAMETERS;
> > +             return;
> > +     }
> > +     buf = tee_shm_get_va(params[1].u.memref.shm,
> > +                          params[1].u.memref.shm_offs);
> > +     if (!buf) {
> > +             arg->ret = TEEC_ERROR_BAD_PARAMETERS;
> > +             return;
> > +     }
> > +
> > +     mutex_lock(&optee->rpmb_dev_mutex);
> > +     rdev = rpmb_dev_find_device(NULL, optee->rpmb_dev, rpc_rpmb_match);
> > +     rpmb_dev_put(optee->rpmb_dev);
> > +     optee->rpmb_dev = rdev;
> > +     mutex_unlock(&optee->rpmb_dev_mutex);
> > +
> > +     if (!rdev) {
> > +             arg->ret = TEEC_ERROR_ITEM_NOT_FOUND;
> > +             return;
> > +     }
> > +
> > +     if (params[1].u.memref.size < rdev->descr.dev_id_len) {
> > +             arg->ret = TEEC_ERROR_SHORT_BUFFER;
> > +             return;
> > +     }
> > +     memcpy(buf, rdev->descr.dev_id, rdev->descr.dev_id_len);
> > +     params[1].u.memref.size = rdev->descr.dev_id_len;
> > +     params[0].u.value.a = rpmb_type_to_rpc_type(rdev->descr.type);
> > +     params[0].u.value.b = rdev->descr.capacity;
> > +     params[0].u.value.c = rdev->descr.reliable_wr_count;
> > +     if (optee->ops->to_msg_param(optee, arg->params,
> > +                                  arg->num_params, params)) {
> > +             arg->ret = TEEC_ERROR_BAD_PARAMETERS;
> > +             return;
> > +     }
> > +
> > +     arg->ret = TEEC_SUCCESS;
> > +}
> > +
> > +/* Request */
> > +struct rpmb_req {
> > +     u16 cmd;
> > +#define RPMB_CMD_DATA_REQ      0x00
> > +#define RPMB_CMD_GET_DEV_INFO  0x01
> > +     u16 dev_id;
> > +     u16 block_count;
> > +     /* Optional data frames (rpmb_data_frame) follow */
> > +};
> > +
> > +#define RPMB_REQ_DATA(req) ((void *)((struct rpmb_req *)(req) + 1))
> > +
> > +#define RPMB_CID_SZ 16
> > +
> > +/* Response to device info request */
> > +struct rpmb_dev_info {
> > +     u8 cid[RPMB_CID_SZ];
> > +     u8 rpmb_size_mult;      /* RPMB size in units of 128kB */
> > +     u8 reliable_wr_count;   /* RPMB write size in units of 256 bytes */
> > +     u8 ret_code;
> > +#define RPMB_CMD_GET_DEV_INFO_RET_OK     0x00
> > +#define RPMB_CMD_GET_DEV_INFO_RET_ERROR  0x01
> > +};
> > +
> > +static int get_dev_info(struct rpmb_dev *rdev, void *rsp, size_t rsp_size)
> > +{
> > +     struct rpmb_dev_info *dev_info;
> > +
> > +     if (rsp_size != sizeof(*dev_info))
> > +             return TEEC_ERROR_BAD_PARAMETERS;
> > +
> > +     dev_info = rsp;
> > +     memcpy(dev_info->cid, rdev->descr.dev_id, sizeof(dev_info->cid));
> > +     dev_info->rpmb_size_mult = rdev->descr.capacity;
> > +     dev_info->reliable_wr_count = rdev->descr.reliable_wr_count;
> > +     dev_info->ret_code = RPMB_CMD_GET_DEV_INFO_RET_OK;
> > +
> > +     return TEEC_SUCCESS;
> > +}
> > +
> > +/*
> > + * req is one struct rpmb_req followed by one or more struct rpmb_data_frame
> > + * rsp is either one struct rpmb_dev_info or one or more struct rpmb_data_frame
> > + */
> > +static u32 rpmb_process_request(struct optee *optee, struct rpmb_dev *rdev,
> > +                             void *req, size_t req_size,
> > +                             void *rsp, size_t rsp_size)
> > +{
> > +     struct rpmb_req *sreq = req;
> > +     int rc;
> > +
> > +     if (req_size < sizeof(*sreq))
> > +             return TEEC_ERROR_BAD_PARAMETERS;
> > +
> > +     switch (sreq->cmd) {
> > +     case RPMB_CMD_DATA_REQ:
> > +             rc = rpmb_route_frames(rdev, RPMB_REQ_DATA(req),
> > +                                    req_size - sizeof(struct rpmb_req),
> > +                                    rsp, rsp_size);
> > +             if (rc)
> > +                     return TEEC_ERROR_BAD_PARAMETERS;
> > +             return TEEC_SUCCESS;
> > +     case RPMB_CMD_GET_DEV_INFO:
> > +             return get_dev_info(rdev, rsp, rsp_size);
> > +     default:
> > +             return TEEC_ERROR_BAD_PARAMETERS;
> > +     }
> > +}
> > +
> > +static void handle_rpc_func_rpmb(struct tee_context *ctx, struct optee *optee,
> > +                              struct optee_msg_arg *arg)
> > +{
> > +     struct tee_param params[2];
> > +     struct rpmb_dev *rdev;
> > +     void *p0, *p1;
> > +
> > +     mutex_lock(&optee->rpmb_dev_mutex);
> > +     rdev = rpmb_dev_get(optee->rpmb_dev);
> > +     mutex_unlock(&optee->rpmb_dev_mutex);
> > +     if (!rdev) {
>         mutex_lock(&optee->rpmb_dev_mutex);
>         rdev = rpmb_dev_find_device(NULL, optee->rpmb_dev, rpc_rpmb_match);
>         rpmb_dev_put(optee->rpmb_dev);
>         optee->rpmb_dev = rdev;
>         mutex_unlock(&optee->rpmb_dev_mutex);
>
>         if (!rdev) {
>             handle_rpc_supp_cmd(ctx, optee, arg);
>             return;
>         }
> > + }
>
> In optee_os core/pta/device.c:invoke_cmd():
>
>     case PTA_CMD_GET_DEVICES_RPMB:
> -           res = tee_rpmb_init();
> +           res = tee_rpmb_reinit();
>
> With tee_rpmb_reinit implemented like this:
>
> TEE_Result tee_rpmb_reinit(void)
> {
>     TEE_Result res = rpmb_probe_reset();
>     if (res) {
>         if (res != TEE_ERROR_NOT_SUPPORTED)
>             return res;
>         return legacy_rpmb_init();
>     }
>     return tee_rpmb_init();
> }

OP-TEE in the secure world could save the CID and reinitialize by
searching for that specific device.

Thanks,
Jens

>
> > +     if (arg->num_params != ARRAY_SIZE(params) ||
> > +         optee->ops->from_msg_param(optee, params, arg->num_params,
> > +                                    arg->params) ||
> > +         params[0].attr != TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INPUT ||
> > +         params[1].attr != TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT) {
> > +             arg->ret = TEEC_ERROR_BAD_PARAMETERS;
> > +             goto out;
> > +     }
> > +
> > +     p0 = tee_shm_get_va(params[0].u.memref.shm,
> > +                         params[0].u.memref.shm_offs);
> > +     p1 = tee_shm_get_va(params[1].u.memref.shm,
> > +                         params[1].u.memref.shm_offs);
> > +     arg->ret = rpmb_process_request(optee, rdev, p0,
> > +                                     params[0].u.memref.size,
> > +                                     p1, params[1].u.memref.size);
> > +     if (arg->ret)
> > +             goto out;
> > +
> > +     if (optee->ops->to_msg_param(optee, arg->params,
> > +                                  arg->num_params, params))
> > +             arg->ret = TEEC_ERROR_BAD_PARAMETERS;
> > +out:
> > +     rpmb_dev_put(rdev);
> > +}
> > +
> >  void optee_rpc_cmd(struct tee_context *ctx, struct optee *optee,
> >                  struct optee_msg_arg *arg)
> >  {
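Review bot: In handle_rpc_func_rpmb(), p0 and p1 from tee_shm_get_va() go straight into rpmb_process_request() with no check, whereas handle_rpc_func_rpmb_probe_next() tests its buffer before use. tee_shm_get_va() reports failure with an ERR_PTR() value, so both handlers should test with IS_ERR() and return TEEC_ERROR_BAD_PARAMETERS; the `if (!buf)` test in probe_next does not catch that case. Two smaller points in the same hunk: get_dev_info() copies sizeof(dev_info->cid) bytes from rdev->descr.dev_id without looking at descr.dev_id_len, which probe_next does honour, and probe_reset guards with IS_ENABLED(CONFIG_RPMB) while probe_next uses IS_REACHABLE(CONFIG_RPMB); the two handlers should use the same test.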
> > @@ -271,6 +494,15 @@ void optee_rpc_cmd(struct tee_context *ctx, struct optee *optee,
> >       case OPTEE_RPC_CMD_I2C_TRANSFER:
> >               handle_rpc_func_cmd_i2c_transfer(ctx, arg);
> >               break;
> > +     case OPTEE_RPC_CMD_RPMB_PROBE_RESET:
> > +             handle_rpc_func_rpmb_probe_reset(ctx, optee, arg);
> > +             break;
> > +     case OPTEE_RPC_CMD_RPMB_PROBE_NEXT:
> > +             handle_rpc_func_rpmb_probe_next(ctx, optee, arg);
> > +             break;
> > +     case OPTEE_RPC_CMD_RPMB:
> > +             handle_rpc_func_rpmb(ctx, optee, arg);
> > +             break;
> >       default:
> >               handle_rpc_supp_cmd(ctx, optee, arg);
> >       }
> > diff --git a/drivers/tee/optee/smc_abi.c b/drivers/tee/optee/smc_abi.c
> > index a37f87087e5c..c23bcf35c8cb 100644
> > --- a/drivers/tee/optee/smc_abi.c
> > +++ b/drivers/tee/optee/smc_abi.c
> > @@ -20,6 +20,7 @@
> >  #include <linux/of_irq.h>
> >  #include <linux/of_platform.h>
> >  #include <linux/platform_device.h>
> > +#include <linux/rpmb.h>
> >  #include <linux/sched.h>
> >  #include <linux/slab.h>
> >  #include <linux/string.h>
> > @@ -1715,6 +1716,7 @@ static int optee_probe(struct platform_device *pdev)
> >       optee->smc.memremaped_shm = memremaped_shm;
> >       optee->pool = pool;
> >       optee_shm_arg_cache_init(optee, arg_cache_flags);
> > +     mutex_init(&optee->rpmb_dev_mutex);
> >
> >       platform_set_drvdata(pdev, optee);
> >       ctx = teedev_open(optee->teedev);
> > @@ -1769,6 +1771,9 @@ static int optee_probe(struct platform_device *pdev)
> >       if (rc)
> >               goto err_disable_shm_cache;
> >
> > +     INIT_WORK(&optee->rpmb_scan_bus_work, optee_bus_scan_rpmb);
> > +     optee->rpmb_intf.notifier_call = optee_rpmb_intf_rdev;
> > +     rpmb_interface_register(&optee->rpmb_intf);
> >       pr_info("initialized driver\n");
> >       return 0;
> >
> > @@ -1782,6 +1787,8 @@ static int optee_probe(struct platform_device *pdev)
> >  err_close_ctx:
> >       teedev_close_context(ctx);
> >  err_supp_uninit:
> > +     rpmb_dev_put(optee->rpmb_dev);
> > +     mutex_destroy(&optee->rpmb_dev_mutex);
> >       optee_shm_arg_cache_uninit(optee);
> >       optee_supp_uninit(&optee->supp);
> >       mutex_destroy(&optee->call_queue.mutex);
> > --
> > 2.34.1
> >


* Re: [PATCH v5 2/3] mmc: block: register RPMB partition with the RPMB subsystem
  2024-04-26 13:24     ` Jens Wiklander
@ 2024-04-29  9:40       ` Manuel Traut
  2024-04-29 10:08         ` Jens Wiklander
  0 siblings, 1 reply; 26+ messages in thread
From: Manuel Traut @ 2024-04-29  9:40 UTC (permalink / raw)
  To: Jens Wiklander
  Cc: linux-kernel, linux-mmc, op-tee, Shyam Saini, Ulf Hansson,
	Linus Walleij, Jerome Forissier, Sumit Garg, Ilias Apalodimas,
	Bart Van Assche, Randy Dunlap, Ard Biesheuvel, Arnd Bergmann,
	Greg Kroah-Hartman, Tomas Winkler, Alexander Usyskin

On Fri, Apr 26, 2024 at 03:24:21PM +0200, Jens Wiklander wrote:
> On Thu, Apr 25, 2024 at 10:43 AM Manuel Traut <manut@mecka.net> wrote:
> >
> > On Mon, Apr 22, 2024 at 11:19:35AM +0200, Jens Wiklander wrote:
> > > Register eMMC RPMB partition with the RPMB subsystem and provide
> > > an implementation for the RPMB access operations abstracting
> > > the actual multi step process.
> > >
> > > Add a callback to extract the needed device information at registration
> > > to avoid accessing the struct mmc_card at a later stage as we're not
> > > holding a reference counter for this struct.
> > >
> > > Taking the needed reference to md->disk in mmc_blk_alloc_rpmb_part()
> > > instead of in mmc_rpmb_chrdev_open(). This is needed by the
> > > route_frames() function pointer in struct rpmb_ops.
> > >
> > > Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
> > > Signed-off-by: Alexander Usyskin <alexander.usyskin@intel.com>
> > > Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
> > > ---
> > >  drivers/mmc/core/block.c | 241 ++++++++++++++++++++++++++++++++++++++-
> > >  1 file changed, 239 insertions(+), 2 deletions(-)
> > >
> > > diff --git a/drivers/mmc/core/block.c b/drivers/mmc/core/block.c
> > > index 32d49100dff5..a7f126fbc605 100644
> > > --- a/drivers/mmc/core/block.c
> > > +++ b/drivers/mmc/core/block.c
> > > @@ -33,6 +33,7 @@
> > >  #include <linux/cdev.h>
> > >  #include <linux/mutex.h>
> > >  #include <linux/scatterlist.h>
> > > +#include <linux/string.h>
> > >  #include <linux/string_helpers.h>
> > >  #include <linux/delay.h>
> > >  #include <linux/capability.h>
> > > @@ -40,6 +41,7 @@
> > >  #include <linux/pm_runtime.h>
> > >  #include <linux/idr.h>
> > >  #include <linux/debugfs.h>
> > > +#include <linux/rpmb.h>
> > >
> > >  #include <linux/mmc/ioctl.h>
> > >  #include <linux/mmc/card.h>
> > > @@ -76,6 +78,48 @@ MODULE_ALIAS("mmc:block");
> > >  #define MMC_EXTRACT_INDEX_FROM_ARG(x) ((x & 0x00FF0000) >> 16)
> > >  #define MMC_EXTRACT_VALUE_FROM_ARG(x) ((x & 0x0000FF00) >> 8)
> > >
> > > +/**
> > > + * struct rpmb_frame - rpmb frame as defined by eMMC 5.1 (JESD84-B51)
> > > + *
> > > + * @stuff        : stuff bytes
> > > + * @key_mac      : The authentication key or the message authentication
> > > + *                 code (MAC) depending on the request/response type.
> > > + *                 The MAC will be delivered in the last (or the only)
> > > + *                 block of data.
> > > + * @data         : Data to be written or read by signed access.
> > > + * @nonce        : Random number generated by the host for the requests
> > > + *                 and copied to the response by the RPMB engine.
> > > + * @write_counter: Counter value for the total amount of the successful
> > > + *                 authenticated data write requests made by the host.
> > > + * @addr         : Address of the data to be programmed to or read
> > > + *                 from the RPMB. Address is the serial number of
> > > + *                 the accessed block (half sector 256B).
> > > + * @block_count  : Number of blocks (half sectors, 256B) requested to be
> > > + *                 read/programmed.
> > > + * @result       : Includes information about the status of the write counter
> > > + *                 (valid, expired) and result of the access made to the RPMB.
> > > + * @req_resp     : Defines the type of request and response to/from the memory.
> > > + *
> > > + * The stuff bytes and big-endian properties are modeled to fit to the spec.
> > > + */
> > > +struct rpmb_frame {
> > > +     u8     stuff[196];
> > > +     u8     key_mac[32];
> > > +     u8     data[256];
> > > +     u8     nonce[16];
> > > +     __be32 write_counter;
> > > +     __be16 addr;
> > > +     __be16 block_count;
> > > +     __be16 result;
> > > +     __be16 req_resp;
> > > +} __packed;
> > > +
> > > +#define RPMB_PROGRAM_KEY       0x1    /* Program RPMB Authentication Key */
> > > +#define RPMB_GET_WRITE_COUNTER 0x2    /* Read RPMB write counter */
> > > +#define RPMB_WRITE_DATA        0x3    /* Write data to RPMB partition */
> > > +#define RPMB_READ_DATA         0x4    /* Read data from RPMB partition */
> > > +#define RPMB_RESULT_READ       0x5    /* Read result request  (Internal) */
> > > +
> > >  static DEFINE_MUTEX(block_mutex);
> > >
> > >  /*
> > > @@ -163,6 +207,7 @@ struct mmc_rpmb_data {
> > >       int id;
> > >       unsigned int part_index;
> > >       struct mmc_blk_data *md;
> > > +     struct rpmb_dev *rdev;
> > >       struct list_head node;
> > >  };
> > >
> > > @@ -2672,7 +2717,6 @@ static int mmc_rpmb_chrdev_open(struct inode *inode, struct file *filp)
> > >
> > >       get_device(&rpmb->dev);
> > >       filp->private_data = rpmb;
> > > -     mmc_blk_get(rpmb->md->disk);
> > >
> > >       return nonseekable_open(inode, filp);
> > >  }
> > > @@ -2682,7 +2726,6 @@ static int mmc_rpmb_chrdev_release(struct inode *inode, struct file *filp)
> > >       struct mmc_rpmb_data *rpmb = container_of(inode->i_cdev,
> > >                                                 struct mmc_rpmb_data, chrdev);
> > >
> > > -     mmc_blk_put(rpmb->md);
> > >       put_device(&rpmb->dev);
> > >
> > >       return 0;
> > > @@ -2703,10 +2746,165 @@ static void mmc_blk_rpmb_device_release(struct device *dev)
> > >  {
> > >       struct mmc_rpmb_data *rpmb = dev_get_drvdata(dev);
> > >
> > > +     rpmb_dev_unregister(rpmb->rdev);
> > > +     mmc_blk_put(rpmb->md);
> > >       ida_simple_remove(&mmc_rpmb_ida, rpmb->id);
> > >       kfree(rpmb);
> > >  }
> > >
> > > +static void free_idata(struct mmc_blk_ioc_data **idata, unsigned int cmd_count)
> > > +{
> > > +     unsigned int n;
> > > +
> > > +     for (n = 0; n < cmd_count; n++)
> > > +             kfree(idata[n]);
> > > +     kfree(idata);
> > > +}
> > > +
> > > +static struct mmc_blk_ioc_data **alloc_idata(struct mmc_rpmb_data *rpmb,
> > > +                                          unsigned int cmd_count)
> > > +{
> > > +     struct mmc_blk_ioc_data **idata;
> > > +     unsigned int n;
> > > +
> > > +     idata = kcalloc(cmd_count, sizeof(*idata), GFP_KERNEL);
> > > +     if (!idata)
> > > +             return NULL;
> > > +     for (n = 0; n < cmd_count; n++) {
> > > +             idata[n] = kcalloc(1, sizeof(**idata), GFP_KERNEL);
> > > +             if (!idata[n]) {
> > > +                     free_idata(idata, n);
> > > +                     return NULL;
> > > +             }
> > > +             idata[n]->rpmb = rpmb;
> > > +     }
> > > +
> > > +     return idata;
> > > +}
> > > +
> > > +static void set_idata(struct mmc_blk_ioc_data *idata, u32 opcode,
> > > +                   int write_flag, u8 *buf, unsigned int buf_bytes)
> > > +{
> > > +     /*
> > > +      * The size of an RPMB frame must match what's expected by the
> > > +      * hardware.
> > > +      */
> > > +     BUILD_BUG_ON(sizeof(struct rpmb_frame) != 512);
> > > +
> > > +     idata->ic.opcode = opcode;
> > > +     idata->ic.flags = MMC_RSP_R1 | MMC_CMD_ADTC;
> > > +     idata->ic.write_flag = write_flag;
> > > +     idata->ic.blksz = sizeof(struct rpmb_frame);
> > > +     idata->ic.blocks = buf_bytes /  idata->ic.blksz;
> > > +     idata->buf = buf;
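Review bot: In set_idata(), `idata->ic.blocks = buf_bytes /  idata->ic.blksz;` silently rounds down when buf_bytes is not a multiple of sizeof(struct rpmb_frame), so an odd-sized buffer yields a block count that does not cover it; reject such sizes here or in the caller, and drop the double space after the slash. `idata->buf = buf` stores the caller's pointer as is, so a comment stating what that buffer must satisfy (ownership, alignment, suitability for the host controller's transfers) would help. In alloc_idata(), kcalloc(1, sizeof(**idata), GFP_KERNEL) is more commonly written as kzalloc(sizeof(**idata), GFP_KERNEL).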
> >
> > I tested the series on an i.MX8MM with an eMMC connected via the imx-sdhci
> > controller. Reading from RPMB does not work. It ends in timeouts due to
> > no response from the SDHCI controller.
> >
> > If idata->buf is allocated here with kmalloc(buf_bytes, GFP_KERNEL) and
> > the content of buf is copied to the newly allocated area, transfers succeed.
> >
> > Is it possible that idata->buf is not DMA capable? Any other ideas?
> 
> Thanks for testing. I don't know, the idata->buf is allocated using
> alloc_pages_exact(nr_pages * PAGE_SIZE, GFP_KERNEL | __GFP_ZERO); in
> optee_pool_op_alloc_helper().

Is this really true for idata->buf, or isn't the complete RPMB frame memory
allocated like this and therefore idata->buf not page aligned?

For RPMB via tee-supplicant the idata->buf is allocated within memdup_user
and therefore page aligned.

> Alternatively, it's from the memory
> range mapped using memremap() in optee_config_shm_memremap(), but
> that's only if you don't have "dynamic shared memory is enabled" in
> the boot log.

"dynamic shared memory is enabled" is in the bootlog, ..

Thanks for your comments,
Manuel


* Re: [PATCH v5 2/3] mmc: block: register RPMB partition with the RPMB subsystem
  2024-04-29  9:40       ` Manuel Traut
@ 2024-04-29 10:08         ` Jens Wiklander
  2024-04-29 10:35           ` Manuel Traut
  2024-04-29 19:36           ` Avri Altman
  0 siblings, 2 replies; 26+ messages in thread
From: Jens Wiklander @ 2024-04-29 10:08 UTC (permalink / raw)
  To: Manuel Traut
  Cc: linux-kernel, linux-mmc, op-tee, Shyam Saini, Ulf Hansson,
	Linus Walleij, Jerome Forissier, Sumit Garg, Ilias Apalodimas,
	Bart Van Assche, Randy Dunlap, Ard Biesheuvel, Arnd Bergmann,
	Greg Kroah-Hartman, Tomas Winkler, Alexander Usyskin

On Mon, Apr 29, 2024 at 11:41 AM Manuel Traut <manut@mecka.net> wrote:
>
> On Fri, Apr 26, 2024 at 03:24:21PM +0200, Jens Wiklander wrote:
> > On Thu, Apr 25, 2024 at 10:43 AM Manuel Traut <manut@mecka.net> wrote:
> > >
> > > On Mon, Apr 22, 2024 at 11:19:35AM +0200, Jens Wiklander wrote:
> > > > Register eMMC RPMB partition with the RPMB subsystem and provide
> > > > an implementation for the RPMB access operations abstracting
> > > > the actual multi step process.
> > > >
> > > > Add a callback to extract the needed device information at registration
> > > > to avoid accessing the struct mmc_card at a later stage as we're not
> > > > holding a reference counter for this struct.
> > > >
> > > > Taking the needed reference to md->disk in mmc_blk_alloc_rpmb_part()
> > > > instead of in mmc_rpmb_chrdev_open(). This is needed by the
> > > > route_frames() function pointer in struct rpmb_ops.
> > > >
> > > > Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
> > > > Signed-off-by: Alexander Usyskin <alexander.usyskin@intel.com>
> > > > Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
> > > > ---
> > > >  drivers/mmc/core/block.c | 241 ++++++++++++++++++++++++++++++++++++++-
> > > >  1 file changed, 239 insertions(+), 2 deletions(-)
> > > >
> > > > diff --git a/drivers/mmc/core/block.c b/drivers/mmc/core/block.c
> > > > index 32d49100dff5..a7f126fbc605 100644
> > > > --- a/drivers/mmc/core/block.c
> > > > +++ b/drivers/mmc/core/block.c
> > > > @@ -33,6 +33,7 @@
> > > >  #include <linux/cdev.h>
> > > >  #include <linux/mutex.h>
> > > >  #include <linux/scatterlist.h>
> > > > +#include <linux/string.h>
> > > >  #include <linux/string_helpers.h>
> > > >  #include <linux/delay.h>
> > > >  #include <linux/capability.h>
> > > > @@ -40,6 +41,7 @@
> > > >  #include <linux/pm_runtime.h>
> > > >  #include <linux/idr.h>
> > > >  #include <linux/debugfs.h>
> > > > +#include <linux/rpmb.h>
> > > >
> > > >  #include <linux/mmc/ioctl.h>
> > > >  #include <linux/mmc/card.h>
> > > > @@ -76,6 +78,48 @@ MODULE_ALIAS("mmc:block");
> > > >  #define MMC_EXTRACT_INDEX_FROM_ARG(x) ((x & 0x00FF0000) >> 16)
> > > >  #define MMC_EXTRACT_VALUE_FROM_ARG(x) ((x & 0x0000FF00) >> 8)
> > > >
> > > > +/**
> > > > + * struct rpmb_frame - rpmb frame as defined by eMMC 5.1 (JESD84-B51)
> > > > + *
> > > > + * @stuff        : stuff bytes
> > > > + * @key_mac      : The authentication key or the message authentication
> > > > + *                 code (MAC) depending on the request/response type.
> > > > + *                 The MAC will be delivered in the last (or the only)
> > > > + *                 block of data.
> > > > + * @data         : Data to be written or read by signed access.
> > > > + * @nonce        : Random number generated by the host for the requests
> > > > + *                 and copied to the response by the RPMB engine.
> > > > + * @write_counter: Counter value for the total amount of the successful
> > > > + *                 authenticated data write requests made by the host.
> > > > + * @addr         : Address of the data to be programmed to or read
> > > > + *                 from the RPMB. Address is the serial number of
> > > > + *                 the accessed block (half sector 256B).
> > > > + * @block_count  : Number of blocks (half sectors, 256B) requested to be
> > > > + *                 read/programmed.
> > > > + * @result       : Includes information about the status of the write counter
> > > > + *                 (valid, expired) and result of the access made to the RPMB.
> > > > + * @req_resp     : Defines the type of request and response to/from the memory.
> > > > + *
> > > > + * The stuff bytes and big-endian properties are modeled to fit to the spec.
> > > > + */
> > > > +struct rpmb_frame {
> > > > +     u8     stuff[196];
> > > > +     u8     key_mac[32];
> > > > +     u8     data[256];
> > > > +     u8     nonce[16];
> > > > +     __be32 write_counter;
> > > > +     __be16 addr;
> > > > +     __be16 block_count;
> > > > +     __be16 result;
> > > > +     __be16 req_resp;
> > > > +} __packed;
> > > > +
> > > > +#define RPMB_PROGRAM_KEY       0x1    /* Program RPMB Authentication Key */
> > > > +#define RPMB_GET_WRITE_COUNTER 0x2    /* Read RPMB write counter */
> > > > +#define RPMB_WRITE_DATA        0x3    /* Write data to RPMB partition */
> > > > +#define RPMB_READ_DATA         0x4    /* Read data from RPMB partition */
> > > > +#define RPMB_RESULT_READ       0x5    /* Read result request  (Internal) */
> > > > +
> > > >  static DEFINE_MUTEX(block_mutex);
> > > >
> > > >  /*
> > > > @@ -163,6 +207,7 @@ struct mmc_rpmb_data {
> > > >       int id;
> > > >       unsigned int part_index;
> > > >       struct mmc_blk_data *md;
> > > > +     struct rpmb_dev *rdev;
> > > >       struct list_head node;
> > > >  };
> > > >
> > > > @@ -2672,7 +2717,6 @@ static int mmc_rpmb_chrdev_open(struct inode *inode, struct file *filp)
> > > >
> > > >       get_device(&rpmb->dev);
> > > >       filp->private_data = rpmb;
> > > > -     mmc_blk_get(rpmb->md->disk);
> > > >
> > > >       return nonseekable_open(inode, filp);
> > > >  }
> > > > @@ -2682,7 +2726,6 @@ static int mmc_rpmb_chrdev_release(struct inode *inode, struct file *filp)
> > > >       struct mmc_rpmb_data *rpmb = container_of(inode->i_cdev,
> > > >                                                 struct mmc_rpmb_data, chrdev);
> > > >
> > > > -     mmc_blk_put(rpmb->md);
> > > >       put_device(&rpmb->dev);
> > > >
> > > >       return 0;
> > > > @@ -2703,10 +2746,165 @@ static void mmc_blk_rpmb_device_release(struct device *dev)
> > > >  {
> > > >       struct mmc_rpmb_data *rpmb = dev_get_drvdata(dev);
> > > >
> > > > +     rpmb_dev_unregister(rpmb->rdev);
> > > > +     mmc_blk_put(rpmb->md);
> > > >       ida_simple_remove(&mmc_rpmb_ida, rpmb->id);
> > > >       kfree(rpmb);
> > > >  }
> > > >
> > > > +static void free_idata(struct mmc_blk_ioc_data **idata, unsigned int cmd_count)
> > > > +{
> > > > +     unsigned int n;
> > > > +
> > > > +     for (n = 0; n < cmd_count; n++)
> > > > +             kfree(idata[n]);
> > > > +     kfree(idata);
> > > > +}
> > > > +
> > > > +static struct mmc_blk_ioc_data **alloc_idata(struct mmc_rpmb_data *rpmb,
> > > > +                                          unsigned int cmd_count)
> > > > +{
> > > > +     struct mmc_blk_ioc_data **idata;
> > > > +     unsigned int n;
> > > > +
> > > > +     idata = kcalloc(cmd_count, sizeof(*idata), GFP_KERNEL);
> > > > +     if (!idata)
> > > > +             return NULL;
> > > > +     for (n = 0; n < cmd_count; n++) {
> > > > +             idata[n] = kcalloc(1, sizeof(**idata), GFP_KERNEL);
> > > > +             if (!idata[n]) {
> > > > +                     free_idata(idata, n);
> > > > +                     return NULL;
> > > > +             }
> > > > +             idata[n]->rpmb = rpmb;
> > > > +     }
> > > > +
> > > > +     return idata;
> > > > +}
> > > > +
> > > > +static void set_idata(struct mmc_blk_ioc_data *idata, u32 opcode,
> > > > +                   int write_flag, u8 *buf, unsigned int buf_bytes)
> > > > +{
> > > > +     /*
> > > > +      * The size of an RPMB frame must match what's expected by the
> > > > +      * hardware.
> > > > +      */
> > > > +     BUILD_BUG_ON(sizeof(struct rpmb_frame) != 512);
> > > > +
> > > > +     idata->ic.opcode = opcode;
> > > > +     idata->ic.flags = MMC_RSP_R1 | MMC_CMD_ADTC;
> > > > +     idata->ic.write_flag = write_flag;
> > > > +     idata->ic.blksz = sizeof(struct rpmb_frame);
> > > > +     idata->ic.blocks = buf_bytes /  idata->ic.blksz;
> > > > +     idata->buf = buf;
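
Review bot: in set_idata(), `idata->ic.blocks = buf_bytes /  idata->ic.blksz;` truncates silently, so a buf_bytes that is not a multiple of sizeof(struct rpmb_frame) drops the tail and a buf_bytes below 512 yields zero blocks. Unless every caller already validates the length, reject zero or non-multiple lengths before this point and return an error. Separately, `idata->buf = buf;` passes the caller's pointer straight into the request, so whether the memory is usable by the host controller depends on each caller; the kernel-doc for the route_frames() path should state that requirement.
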
> > >
> > > I tested the series on an i.MX8MM with an eMMC connected via the imx-sdhci
> > > controller. Reading from RPMB does not work. It ends in timeouts due to
> > > no response from the SDHCI controller.
> > >
> > > If idata->buf is allocated here with kmalloc(buf_bytes, GFP_KERNEL) and
> > > the content of buf is copied to the newly allocated area, transfers succeed.
> > >
> > > Is it possible that idata->buf is not DMA capable? Any other ideas?
> >
> > Thanks for testing. I don't know, the idata->buf is allocated using
> > alloc_pages_exact(nr_pages * PAGE_SIZE, GFP_KERNEL | __GFP_ZERO); in
> > optee_pool_op_alloc_helper().
>
> Is this really true for idata->buf or isn't the complete RPMB frame memory
> allocated like this and therefore idata->buf not page aligned?

You're right.

>
> For RPMB via tee-supplicant the idata->buf is allocated within memdup_user
> and therefore page aligned.

Yes, that's a difference. Have you tested with page-aligned buffers to
see if it helps?

>
> > Alternatively, it's from the memory
> > range mapped using memremap() in optee_config_shm_memremap(), but
> > that's only if you don't have "dynamic shared memory is enabled" in
> > the boot log.
>
> "dynamic shared memory is enabled" is in the bootlog, ..

Great.

Thanks,
Jens

* Re: [PATCH v5 2/3] mmc: block: register RPMB partition with the RPMB subsystem
  2024-04-29 10:08         ` Jens Wiklander
@ 2024-04-29 10:35           ` Manuel Traut
  2024-04-29 10:45             ` Jens Wiklander
  2024-04-29 19:36           ` Avri Altman
  1 sibling, 1 reply; 26+ messages in thread
From: Manuel Traut @ 2024-04-29 10:35 UTC (permalink / raw)
  To: Jens Wiklander
  Cc: linux-kernel, linux-mmc, op-tee, Shyam Saini, Ulf Hansson,
	Linus Walleij, Jerome Forissier, Sumit Garg, Ilias Apalodimas,
	Bart Van Assche, Randy Dunlap, Ard Biesheuvel, Arnd Bergmann,
	Greg Kroah-Hartman, Tomas Winkler, Alexander Usyskin

On Mon, Apr 29, 2024 at 12:08:45PM +0200, Jens Wiklander wrote:
> On Mon, Apr 29, 2024 at 11:41 AM Manuel Traut <manut@mecka.net> wrote:
> >
> > On Fri, Apr 26, 2024 at 03:24:21PM +0200, Jens Wiklander wrote:
> > > On Thu, Apr 25, 2024 at 10:43 AM Manuel Traut <manut@mecka.net> wrote:
> > > >
> > > > On Mon, Apr 22, 2024 at 11:19:35AM +0200, Jens Wiklander wrote:
> > > > > Register eMMC RPMB partition with the RPMB subsystem and provide
> > > > > an implementation for the RPMB access operations abstracting
> > > > > the actual multi step process.
> > > > >
> > > > > Add a callback to extract the needed device information at registration
> > > > > to avoid accessing the struct mmc_card at a later stage as we're not
> > > > > holding a reference counter for this struct.
> > > > >
> > > > > Taking the needed reference to md->disk in mmc_blk_alloc_rpmb_part()
> > > > > instead of in mmc_rpmb_chrdev_open(). This is needed by the
> > > > > route_frames() function pointer in struct rpmb_ops.
> > > > >
> > > > > Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
> > > > > Signed-off-by: Alexander Usyskin <alexander.usyskin@intel.com>
> > > > > Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
> > > > > ---
> > > > >  drivers/mmc/core/block.c | 241 ++++++++++++++++++++++++++++++++++++++-
> > > > >  1 file changed, 239 insertions(+), 2 deletions(-)
> > > > >
> > > > > diff --git a/drivers/mmc/core/block.c b/drivers/mmc/core/block.c
> > > > > index 32d49100dff5..a7f126fbc605 100644
> > > > > --- a/drivers/mmc/core/block.c
> > > > > +++ b/drivers/mmc/core/block.c
> > > > > @@ -33,6 +33,7 @@
> > > > >  #include <linux/cdev.h>
> > > > >  #include <linux/mutex.h>
> > > > >  #include <linux/scatterlist.h>
> > > > > +#include <linux/string.h>
> > > > >  #include <linux/string_helpers.h>
> > > > >  #include <linux/delay.h>
> > > > >  #include <linux/capability.h>
> > > > > @@ -40,6 +41,7 @@
> > > > >  #include <linux/pm_runtime.h>
> > > > >  #include <linux/idr.h>
> > > > >  #include <linux/debugfs.h>
> > > > > +#include <linux/rpmb.h>
> > > > >
> > > > >  #include <linux/mmc/ioctl.h>
> > > > >  #include <linux/mmc/card.h>
> > > > > @@ -76,6 +78,48 @@ MODULE_ALIAS("mmc:block");
> > > > >  #define MMC_EXTRACT_INDEX_FROM_ARG(x) ((x & 0x00FF0000) >> 16)
> > > > >  #define MMC_EXTRACT_VALUE_FROM_ARG(x) ((x & 0x0000FF00) >> 8)
> > > > >
> > > > > +/**
> > > > > + * struct rpmb_frame - rpmb frame as defined by eMMC 5.1 (JESD84-B51)
> > > > > + *
> > > > > + * @stuff        : stuff bytes
> > > > > + * @key_mac      : The authentication key or the message authentication
> > > > > + *                 code (MAC) depending on the request/response type.
> > > > > + *                 The MAC will be delivered in the last (or the only)
> > > > > + *                 block of data.
> > > > > + * @data         : Data to be written or read by signed access.
> > > > > + * @nonce        : Random number generated by the host for the requests
> > > > > + *                 and copied to the response by the RPMB engine.
> > > > > + * @write_counter: Counter value for the total amount of the successful
> > > > > + *                 authenticated data write requests made by the host.
> > > > > + * @addr         : Address of the data to be programmed to or read
> > > > > + *                 from the RPMB. Address is the serial number of
> > > > > + *                 the accessed block (half sector 256B).
> > > > > + * @block_count  : Number of blocks (half sectors, 256B) requested to be
> > > > > + *                 read/programmed.
> > > > > + * @result       : Includes information about the status of the write counter
> > > > > + *                 (valid, expired) and result of the access made to the RPMB.
> > > > > + * @req_resp     : Defines the type of request and response to/from the memory.
> > > > > + *
> > > > > + * The stuff bytes and big-endian properties are modeled to fit to the spec.
> > > > > + */
> > > > > +struct rpmb_frame {
> > > > > +     u8     stuff[196];
> > > > > +     u8     key_mac[32];
> > > > > +     u8     data[256];
> > > > > +     u8     nonce[16];
> > > > > +     __be32 write_counter;
> > > > > +     __be16 addr;
> > > > > +     __be16 block_count;
> > > > > +     __be16 result;
> > > > > +     __be16 req_resp;
> > > > > +} __packed;
> > > > > +
> > > > > +#define RPMB_PROGRAM_KEY       0x1    /* Program RPMB Authentication Key */
> > > > > +#define RPMB_GET_WRITE_COUNTER 0x2    /* Read RPMB write counter */
> > > > > +#define RPMB_WRITE_DATA        0x3    /* Write data to RPMB partition */
> > > > > +#define RPMB_READ_DATA         0x4    /* Read data from RPMB partition */
> > > > > +#define RPMB_RESULT_READ       0x5    /* Read result request  (Internal) */
> > > > > +
> > > > >  static DEFINE_MUTEX(block_mutex);
> > > > >
> > > > >  /*
> > > > > @@ -163,6 +207,7 @@ struct mmc_rpmb_data {
> > > > >       int id;
> > > > >       unsigned int part_index;
> > > > >       struct mmc_blk_data *md;
> > > > > +     struct rpmb_dev *rdev;
> > > > >       struct list_head node;
> > > > >  };
> > > > >
> > > > > @@ -2672,7 +2717,6 @@ static int mmc_rpmb_chrdev_open(struct inode *inode, struct file *filp)
> > > > >
> > > > >       get_device(&rpmb->dev);
> > > > >       filp->private_data = rpmb;
> > > > > -     mmc_blk_get(rpmb->md->disk);
> > > > >
> > > > >       return nonseekable_open(inode, filp);
> > > > >  }
> > > > > @@ -2682,7 +2726,6 @@ static int mmc_rpmb_chrdev_release(struct inode *inode, struct file *filp)
> > > > >       struct mmc_rpmb_data *rpmb = container_of(inode->i_cdev,
> > > > >                                                 struct mmc_rpmb_data, chrdev);
> > > > >
> > > > > -     mmc_blk_put(rpmb->md);
> > > > >       put_device(&rpmb->dev);
> > > > >
> > > > >       return 0;
> > > > > @@ -2703,10 +2746,165 @@ static void mmc_blk_rpmb_device_release(struct device *dev)
> > > > >  {
> > > > >       struct mmc_rpmb_data *rpmb = dev_get_drvdata(dev);
> > > > >
> > > > > +     rpmb_dev_unregister(rpmb->rdev);
> > > > > +     mmc_blk_put(rpmb->md);
> > > > >       ida_simple_remove(&mmc_rpmb_ida, rpmb->id);
> > > > >       kfree(rpmb);
> > > > >  }
> > > > >
> > > > > +static void free_idata(struct mmc_blk_ioc_data **idata, unsigned int cmd_count)
> > > > > +{
> > > > > +     unsigned int n;
> > > > > +
> > > > > +     for (n = 0; n < cmd_count; n++)
> > > > > +             kfree(idata[n]);
> > > > > +     kfree(idata);
> > > > > +}
> > > > > +
> > > > > +static struct mmc_blk_ioc_data **alloc_idata(struct mmc_rpmb_data *rpmb,
> > > > > +                                          unsigned int cmd_count)
> > > > > +{
> > > > > +     struct mmc_blk_ioc_data **idata;
> > > > > +     unsigned int n;
> > > > > +
> > > > > +     idata = kcalloc(cmd_count, sizeof(*idata), GFP_KERNEL);
> > > > > +     if (!idata)
> > > > > +             return NULL;
> > > > > +     for (n = 0; n < cmd_count; n++) {
> > > > > +             idata[n] = kcalloc(1, sizeof(**idata), GFP_KERNEL);
> > > > > +             if (!idata[n]) {
> > > > > +                     free_idata(idata, n);
> > > > > +                     return NULL;
> > > > > +             }
> > > > > +             idata[n]->rpmb = rpmb;
> > > > > +     }
> > > > > +
> > > > > +     return idata;
> > > > > +}
> > > > > +
> > > > > +static void set_idata(struct mmc_blk_ioc_data *idata, u32 opcode,
> > > > > +                   int write_flag, u8 *buf, unsigned int buf_bytes)
> > > > > +{
> > > > > +     /*
> > > > > +      * The size of an RPMB frame must match what's expected by the
> > > > > +      * hardware.
> > > > > +      */
> > > > > +     BUILD_BUG_ON(sizeof(struct rpmb_frame) != 512);
> > > > > +
> > > > > +     idata->ic.opcode = opcode;
> > > > > +     idata->ic.flags = MMC_RSP_R1 | MMC_CMD_ADTC;
> > > > > +     idata->ic.write_flag = write_flag;
> > > > > +     idata->ic.blksz = sizeof(struct rpmb_frame);
> > > > > +     idata->ic.blocks = buf_bytes /  idata->ic.blksz;
> > > > > +     idata->buf = buf;
> > > >
> > > > I tested the series on an i.MX8MM with an eMMC connected via the imx-sdhci
> > > > controller. Reading from RPMB does not work. It ends in timeouts due to
> > > > no response from the SDHCI controller.
> > > >
> > > > If idata->buf is allocated here with kmalloc(buf_bytes, GFP_KERNEL) and
> > > > the content of buf is copied to the newly allocated area, transfers succeed.
> > > >
> > > > Is it possible that idata->buf is not DMA capable? Any other ideas?
> > >
> > > Thanks for testing. I don't know, the idata->buf is allocated using
> > > alloc_pages_exact(nr_pages * PAGE_SIZE, GFP_KERNEL | __GFP_ZERO); in
> > > optee_pool_op_alloc_helper().
> >
> > Is this really true for idata->buf or isn't the complete RPMB frame memory
> > allocated like this and therefore idata->buf not page aligned?
> 
> You're right.
> 
> >
> > For RPMB via tee-supplicant the idata->buf is allocated within memdup_user
> > and therefore page aligned.
> 
> Yes, that's a difference. Have you tested with page-aligned buffers to
> see if it helps?

Yes, this helps. I tested with the following patch, but probably it can also
be solved during frame allocation in optee?


commit b84a56c15abdcd07f4dacf0b7f482802f8ce752b
Author: Manuel Traut <manut@mecka.net>
Date:   Tue Apr 23 13:22:27 2024 +0200

    mmc: core: block: rpmb: Allocate page aligned memory
    
    "Random" position in optee shared memory cannot be used for blk
    IO on an eMMC with the i.MX8 SDHCI.
    
    This is for sure not the best possible solution, but works
    for the moment.

diff --git a/drivers/mmc/core/block.c b/drivers/mmc/core/block.c
index 30da8fd03..f123a6c96 100644
--- a/drivers/mmc/core/block.c
+++ b/drivers/mmc/core/block.c
@@ -2786,6 +2786,8 @@ static struct mmc_blk_ioc_data **alloc_idata(struct mmc_rpmb_data *rpmb,
 	return idata;
 }
 
+#define DYNALLOC 1
+
 static void set_idata(struct mmc_blk_ioc_data *idata, u32 opcode,
 		      int write_flag, u8 *buf, unsigned int buf_bytes)
 {
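
Review bot: `#define DYNALLOC 1` is defined unconditionally directly above set_idata(), so it only acts as a local debug switch and every `#else` branch guarded by it is dead code. For a mergeable version, drop the macro and the `#ifdef DYNALLOC` blocks and keep a single code path, or move the fix to where the buffer is allocated, as the mail text itself suggests.
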
@@ -2800,10 +2802,23 @@ static void set_idata(struct mmc_blk_ioc_data *idata, u32 opcode,
 	idata->ic.write_flag = write_flag;
 	idata->ic.blksz = sizeof(struct rpmb_frame);
 	idata->ic.blocks = buf_bytes /  idata->ic.blksz;
+#ifdef DYNALLOC
+	idata->buf = kmalloc(buf_bytes, GFP_KERNEL);
+	memcpy(idata->buf, buf, buf_bytes);
+#else
 	idata->buf = buf;
+#endif
 	idata->buf_bytes = buf_bytes;
 }
 
+#ifdef DYNALLOC
+static void free_idata_buf(struct mmc_blk_ioc_data *idata, u8 *buf, unsigned int buf_bytes)
+{
+    memcpy(buf, idata->buf, buf_bytes);
+    kfree(idata->buf);
+}
+#endif
+
 static int mmc_route_rpmb_frames(struct device *dev, u8 *req,
 				 unsigned int req_len, u8 *resp,
 				 unsigned int resp_len)
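
Review bot: the result of `kmalloc(buf_bytes, GFP_KERNEL)` in set_idata() goes straight into memcpy() with no NULL check, and set_idata() returns void, so an allocation failure cannot be reported and ends in a NULL dereference. Make set_idata() return int and propagate -ENOMEM (kmemdup() would fold the allocate-and-copy into one call). Also note that the subject says "page aligned", but kmalloc() does not promise page alignment for an arbitrary buf_bytes; if the controller needs a specific alignment, state it and allocate for it. free_idata_buf() is indented with spaces where the file uses tabs.
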
@@ -2901,6 +2916,13 @@ static int mmc_route_rpmb_frames(struct device *dev, u8 *req,
 	blk_execute_rq(rq, false);
 	ret = req_to_mmc_queue_req(rq)->drv_op_result;
 
+#ifdef DYNALLOC
+	free_idata_buf(idata[0], req, req_len);
+	free_idata_buf(idata[1], resp, resp_len);
+	if (write)
+		free_idata_buf(idata[2], resp, resp_len);
+#endif
+
 	blk_mq_free_request(rq);
 
 out:
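
Review bot: the free_idata_buf() calls sit on the straight-line path after blk_execute_rq() and above the `out:` label, so any earlier jump to `out` taken after set_idata() has allocated its copies skips them and leaks the buffers; the cleanup belongs on the common exit path. With `write` set, idata[1] and idata[2] are both copied back into `resp` for `resp_len` bytes, so the second copy overwrites the first, and idata[0] is copied back over `req` although it only carried the request. Copy back only the buffer that holds the response, and take the length from the `idata->buf_bytes` recorded in set_idata() rather than a separately passed length, so the copy can never exceed the allocation.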

> > > Alternatively, it's from the memory
> > > range mapped using memremap() in optee_config_shm_memremap(), but
> > > that's only if you don't have "dynamic shared memory is enabled" in
> > > the boot log.
> >
> > "dynamic shared memory is enabled" is in the bootlog, ..
> 
> Great.

Thanks
Manuel

* Re: [PATCH v5 2/3] mmc: block: register RPMB partition with the RPMB subsystem
  2024-04-29 10:35           ` Manuel Traut
@ 2024-04-29 10:45             ` Jens Wiklander
  2024-04-29 11:13               ` Jens Wiklander
  0 siblings, 1 reply; 26+ messages in thread
From: Jens Wiklander @ 2024-04-29 10:45 UTC (permalink / raw)
  To: Manuel Traut
  Cc: linux-kernel, linux-mmc, op-tee, Shyam Saini, Ulf Hansson,
	Linus Walleij, Jerome Forissier, Sumit Garg, Ilias Apalodimas,
	Bart Van Assche, Randy Dunlap, Ard Biesheuvel, Arnd Bergmann,
	Greg Kroah-Hartman, Tomas Winkler, Alexander Usyskin

On Mon, Apr 29, 2024 at 12:35 PM Manuel Traut <manut@mecka.net> wrote:
>
> On Mon, Apr 29, 2024 at 12:08:45PM +0200, Jens Wiklander wrote:
> > On Mon, Apr 29, 2024 at 11:41 AM Manuel Traut <manut@mecka.net> wrote:
> > >
> > > On Fri, Apr 26, 2024 at 03:24:21PM +0200, Jens Wiklander wrote:
> > > > On Thu, Apr 25, 2024 at 10:43 AM Manuel Traut <manut@mecka.net> wrote:
> > > > >
> > > > > On Mon, Apr 22, 2024 at 11:19:35AM +0200, Jens Wiklander wrote:
> > > > > > Register eMMC RPMB partition with the RPMB subsystem and provide
> > > > > > an implementation for the RPMB access operations abstracting
> > > > > > the actual multi step process.
> > > > > >
> > > > > > Add a callback to extract the needed device information at registration
> > > > > > to avoid accessing the struct mmc_card at a later stage as we're not
> > > > > > holding a reference counter for this struct.
> > > > > >
> > > > > > Taking the needed reference to md->disk in mmc_blk_alloc_rpmb_part()
> > > > > > instead of in mmc_rpmb_chrdev_open(). This is needed by the
> > > > > > route_frames() function pointer in struct rpmb_ops.
> > > > > >
> > > > > > Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
> > > > > > Signed-off-by: Alexander Usyskin <alexander.usyskin@intel.com>
> > > > > > Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
> > > > > > ---
> > > > > >  drivers/mmc/core/block.c | 241 ++++++++++++++++++++++++++++++++++++++-
> > > > > >  1 file changed, 239 insertions(+), 2 deletions(-)
> > > > > >
> > > > > > diff --git a/drivers/mmc/core/block.c b/drivers/mmc/core/block.c
> > > > > > index 32d49100dff5..a7f126fbc605 100644
> > > > > > --- a/drivers/mmc/core/block.c
> > > > > > +++ b/drivers/mmc/core/block.c
> > > > > > @@ -33,6 +33,7 @@
> > > > > >  #include <linux/cdev.h>
> > > > > >  #include <linux/mutex.h>
> > > > > >  #include <linux/scatterlist.h>
> > > > > > +#include <linux/string.h>
> > > > > >  #include <linux/string_helpers.h>
> > > > > >  #include <linux/delay.h>
> > > > > >  #include <linux/capability.h>
> > > > > > @@ -40,6 +41,7 @@
> > > > > >  #include <linux/pm_runtime.h>
> > > > > >  #include <linux/idr.h>
> > > > > >  #include <linux/debugfs.h>
> > > > > > +#include <linux/rpmb.h>
> > > > > >
> > > > > >  #include <linux/mmc/ioctl.h>
> > > > > >  #include <linux/mmc/card.h>
> > > > > > @@ -76,6 +78,48 @@ MODULE_ALIAS("mmc:block");
> > > > > >  #define MMC_EXTRACT_INDEX_FROM_ARG(x) ((x & 0x00FF0000) >> 16)
> > > > > >  #define MMC_EXTRACT_VALUE_FROM_ARG(x) ((x & 0x0000FF00) >> 8)
> > > > > >
> > > > > > +/**
> > > > > > + * struct rpmb_frame - rpmb frame as defined by eMMC 5.1 (JESD84-B51)
> > > > > > + *
> > > > > > + * @stuff        : stuff bytes
> > > > > > + * @key_mac      : The authentication key or the message authentication
> > > > > > + *                 code (MAC) depending on the request/response type.
> > > > > > + *                 The MAC will be delivered in the last (or the only)
> > > > > > + *                 block of data.
> > > > > > + * @data         : Data to be written or read by signed access.
> > > > > > + * @nonce        : Random number generated by the host for the requests
> > > > > > + *                 and copied to the response by the RPMB engine.
> > > > > > + * @write_counter: Counter value for the total amount of the successful
> > > > > > + *                 authenticated data write requests made by the host.
> > > > > > + * @addr         : Address of the data to be programmed to or read
> > > > > > + *                 from the RPMB. Address is the serial number of
> > > > > > + *                 the accessed block (half sector 256B).
> > > > > > + * @block_count  : Number of blocks (half sectors, 256B) requested to be
> > > > > > + *                 read/programmed.
> > > > > > + * @result       : Includes information about the status of the write counter
> > > > > > + *                 (valid, expired) and result of the access made to the RPMB.
> > > > > > + * @req_resp     : Defines the type of request and response to/from the memory.
> > > > > > + *
> > > > > > + * The stuff bytes and big-endian properties are modeled to fit to the spec.
> > > > > > + */
> > > > > > +struct rpmb_frame {
> > > > > > +     u8     stuff[196];
> > > > > > +     u8     key_mac[32];
> > > > > > +     u8     data[256];
> > > > > > +     u8     nonce[16];
> > > > > > +     __be32 write_counter;
> > > > > > +     __be16 addr;
> > > > > > +     __be16 block_count;
> > > > > > +     __be16 result;
> > > > > > +     __be16 req_resp;
> > > > > > +} __packed;
> > > > > > +
> > > > > > +#define RPMB_PROGRAM_KEY       0x1    /* Program RPMB Authentication Key */
> > > > > > +#define RPMB_GET_WRITE_COUNTER 0x2    /* Read RPMB write counter */
> > > > > > +#define RPMB_WRITE_DATA        0x3    /* Write data to RPMB partition */
> > > > > > +#define RPMB_READ_DATA         0x4    /* Read data from RPMB partition */
> > > > > > +#define RPMB_RESULT_READ       0x5    /* Read result request  (Internal) */
> > > > > > +
> > > > > >  static DEFINE_MUTEX(block_mutex);
> > > > > >
> > > > > >  /*
> > > > > > @@ -163,6 +207,7 @@ struct mmc_rpmb_data {
> > > > > >       int id;
> > > > > >       unsigned int part_index;
> > > > > >       struct mmc_blk_data *md;
> > > > > > +     struct rpmb_dev *rdev;
> > > > > >       struct list_head node;
> > > > > >  };
> > > > > >
> > > > > > @@ -2672,7 +2717,6 @@ static int mmc_rpmb_chrdev_open(struct inode *inode, struct file *filp)
> > > > > >
> > > > > >       get_device(&rpmb->dev);
> > > > > >       filp->private_data = rpmb;
> > > > > > -     mmc_blk_get(rpmb->md->disk);
> > > > > >
> > > > > >       return nonseekable_open(inode, filp);
> > > > > >  }
> > > > > > @@ -2682,7 +2726,6 @@ static int mmc_rpmb_chrdev_release(struct inode *inode, struct file *filp)
> > > > > >       struct mmc_rpmb_data *rpmb = container_of(inode->i_cdev,
> > > > > >                                                 struct mmc_rpmb_data, chrdev);
> > > > > >
> > > > > > -     mmc_blk_put(rpmb->md);
> > > > > >       put_device(&rpmb->dev);
> > > > > >
> > > > > >       return 0;
> > > > > > @@ -2703,10 +2746,165 @@ static void mmc_blk_rpmb_device_release(struct device *dev)
> > > > > >  {
> > > > > >       struct mmc_rpmb_data *rpmb = dev_get_drvdata(dev);
> > > > > >
> > > > > > +     rpmb_dev_unregister(rpmb->rdev);
> > > > > > +     mmc_blk_put(rpmb->md);
> > > > > >       ida_simple_remove(&mmc_rpmb_ida, rpmb->id);
> > > > > >       kfree(rpmb);
> > > > > >  }
> > > > > >
> > > > > > +static void free_idata(struct mmc_blk_ioc_data **idata, unsigned int cmd_count)
> > > > > > +{
> > > > > > +     unsigned int n;
> > > > > > +
> > > > > > +     for (n = 0; n < cmd_count; n++)
> > > > > > +             kfree(idata[n]);
> > > > > > +     kfree(idata);
> > > > > > +}
> > > > > > +
> > > > > > +static struct mmc_blk_ioc_data **alloc_idata(struct mmc_rpmb_data *rpmb,
> > > > > > +                                          unsigned int cmd_count)
> > > > > > +{
> > > > > > +     struct mmc_blk_ioc_data **idata;
> > > > > > +     unsigned int n;
> > > > > > +
> > > > > > +     idata = kcalloc(cmd_count, sizeof(*idata), GFP_KERNEL);
> > > > > > +     if (!idata)
> > > > > > +             return NULL;
> > > > > > +     for (n = 0; n < cmd_count; n++) {
> > > > > > +             idata[n] = kcalloc(1, sizeof(**idata), GFP_KERNEL);
> > > > > > +             if (!idata[n]) {
> > > > > > +                     free_idata(idata, n);
> > > > > > +                     return NULL;
> > > > > > +             }
> > > > > > +             idata[n]->rpmb = rpmb;
> > > > > > +     }
> > > > > > +
> > > > > > +     return idata;
> > > > > > +}
> > > > > > +
> > > > > > +static void set_idata(struct mmc_blk_ioc_data *idata, u32 opcode,
> > > > > > +                   int write_flag, u8 *buf, unsigned int buf_bytes)
> > > > > > +{
> > > > > > +     /*
> > > > > > +      * The size of an RPMB frame must match what's expected by the
> > > > > > +      * hardware.
> > > > > > +      */
> > > > > > +     BUILD_BUG_ON(sizeof(struct rpmb_frame) != 512);
> > > > > > +
> > > > > > +     idata->ic.opcode = opcode;
> > > > > > +     idata->ic.flags = MMC_RSP_R1 | MMC_CMD_ADTC;
> > > > > > +     idata->ic.write_flag = write_flag;
> > > > > > +     idata->ic.blksz = sizeof(struct rpmb_frame);
> > > > > > +     idata->ic.blocks = buf_bytes /  idata->ic.blksz;
> > > > > > +     idata->buf = buf;
> > > > >
> > > > > I tested the series on an i.MX8MM with an eMMC connected via the imx-sdhci
> > > > > controller. Reading from RPMB does not work. It ends in timeouts due to
> > > > > no response from the SDHCI controller.
> > > > >
> > > > > If idata->buf is allocated here with kmalloc(buf_bytes, GFP_KERNEL) and
> > > > > the content of buf is copied to the newly allocated area, transfers succeed.
> > > > >
> > > > > Is it possible that idata->buf is not DMA capable? Any other ideas?
> > > >
> > > > Thanks for testing. I don't know, the idata->buf is allocated using
> > > > alloc_pages_exact(nr_pages * PAGE_SIZE, GFP_KERNEL | __GFP_ZERO); in
> > > > optee_pool_op_alloc_helper().
> > >
> > > Is this really true for idata->buf or isn't the complete RPMB frame memory
> > > allocated like this and therefore idata->buf not page aligned?
> >
> > You're right.
> >
> > >
> > > For RPMB via tee-supplicant the idata->buf is allocated within memdup_user
> > > and therefore page aligned.
> >
> > Yes, that's a difference. Have you tested with page-aligned buffers to
> > see if it helps?
>
> Yes, this helps. I tested with the following patch, but probably it can also
> be solved during frame allocation in optee?

Great, thanks for confirming. Yes, we should fix that in the secure world.

Cheers,
Jens

>
>
> commit b84a56c15abdcd07f4dacf0b7f482802f8ce752b
> Author: Manuel Traut <manut@mecka.net>
> Date:   Tue Apr 23 13:22:27 2024 +0200
>
>     mmc: core: block: rpmb: Allocate page aligned memory
>
>     "Random" position in optee shared memory cannot be used for blk
>     IO on an eMMC with the i.MX8 SDHCI.
>
>     This is for sure not the best possible solution, but works
>     for the moment.
>
> diff --git a/drivers/mmc/core/block.c b/drivers/mmc/core/block.c
> index 30da8fd03..f123a6c96 100644
> --- a/drivers/mmc/core/block.c
> +++ b/drivers/mmc/core/block.c
> @@ -2786,6 +2786,8 @@ static struct mmc_blk_ioc_data **alloc_idata(struct mmc_rpmb_data *rpmb,
>         return idata;
>  }
>
> +#define DYNALLOC 1
> +
>  static void set_idata(struct mmc_blk_ioc_data *idata, u32 opcode,
>                       int write_flag, u8 *buf, unsigned int buf_bytes)
>  {
> @@ -2800,10 +2802,23 @@ static void set_idata(struct mmc_blk_ioc_data *idata, u32 opcode,
>         idata->ic.write_flag = write_flag;
>         idata->ic.blksz = sizeof(struct rpmb_frame);
>         idata->ic.blocks = buf_bytes /  idata->ic.blksz;
> +#ifdef DYNALLOC
> +       idata->buf = kmalloc(buf_bytes, GFP_KERNEL);
> +       memcpy(idata->buf, buf, buf_bytes);
> +#else
>         idata->buf = buf;
> +#endif
>         idata->buf_bytes = buf_bytes;
>  }
>
> +#ifdef DYNALLOC
> +static void free_idata_buf(struct mmc_blk_ioc_data *idata, u8 *buf, unsigned int buf_bytes)
> +{
> +    memcpy(buf, idata->buf, buf_bytes);
> +    kfree(idata->buf);
> +}
> +#endif
> +
>  static int mmc_route_rpmb_frames(struct device *dev, u8 *req,
>                                  unsigned int req_len, u8 *resp,
>                                  unsigned int resp_len)
> @@ -2901,6 +2916,13 @@ static int mmc_route_rpmb_frames(struct device *dev, u8 *req,
>         blk_execute_rq(rq, false);
>         ret = req_to_mmc_queue_req(rq)->drv_op_result;
>
> +#ifdef DYNALLOC
> +       free_idata_buf(idata[0], req, req_len);
> +       free_idata_buf(idata[1], resp, resp_len);
> +       if (write)
> +               free_idata_buf(idata[2], resp, resp_len);
> +#endif
> +
>         blk_mq_free_request(rq);
>
>  out:
>
> > > > Alternatively, it's from the memory
> > > > range mapped using memremap() in optee_config_shm_memremap(), but
> > > > that's only if you don't have "dynamic shared memory is enabled" in
> > > > the boot log.
> > >
> > > "dynamic shared memory is enabled" is in the bootlog, ..
> >
> > Great.
>
> Thanks
> Manuel

* Re: [PATCH v5 2/3] mmc: block: register RPMB partition with the RPMB subsystem
  2024-04-29 10:45             ` Jens Wiklander
@ 2024-04-29 11:13               ` Jens Wiklander
  2024-04-29 13:13                 ` Manuel Traut
  0 siblings, 1 reply; 26+ messages in thread
From: Jens Wiklander @ 2024-04-29 11:13 UTC (permalink / raw)
  To: Manuel Traut
  Cc: linux-kernel, linux-mmc, op-tee, Shyam Saini, Ulf Hansson,
	Linus Walleij, Jerome Forissier, Sumit Garg, Ilias Apalodimas,
	Bart Van Assche, Randy Dunlap, Ard Biesheuvel, Arnd Bergmann,
	Greg Kroah-Hartman, Tomas Winkler, Alexander Usyskin

On Mon, Apr 29, 2024 at 12:45 PM Jens Wiklander
<jens.wiklander@linaro.org> wrote:
>
> On Mon, Apr 29, 2024 at 12:35 PM Manuel Traut <manut@mecka.net> wrote:
> >
> > On Mon, Apr 29, 2024 at 12:08:45PM +0200, Jens Wiklander wrote:
> > > On Mon, Apr 29, 2024 at 11:41 AM Manuel Traut <manut@mecka.net> wrote:
> > > >
> > > > On Fri, Apr 26, 2024 at 03:24:21PM +0200, Jens Wiklander wrote:
> > > > > On Thu, Apr 25, 2024 at 10:43 AM Manuel Traut <manut@mecka.net> wrote:
> > > > > >
> > > > > > On Mon, Apr 22, 2024 at 11:19:35AM +0200, Jens Wiklander wrote:
> > > > > > > Register eMMC RPMB partition with the RPMB subsystem and provide
> > > > > > > an implementation for the RPMB access operations abstracting
> > > > > > > the actual multi step process.
> > > > > > >
> > > > > > > Add a callback to extract the needed device information at registration
> > > > > > > to avoid accessing the struct mmc_card at a later stage as we're not
> > > > > > > holding a reference counter for this struct.
> > > > > > >
> > > > > > > Taking the needed reference to md->disk in mmc_blk_alloc_rpmb_part()
> > > > > > > instead of in mmc_rpmb_chrdev_open(). This is needed by the
> > > > > > > route_frames() function pointer in struct rpmb_ops.
> > > > > > >
> > > > > > > Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
> > > > > > > Signed-off-by: Alexander Usyskin <alexander.usyskin@intel.com>
> > > > > > > Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
> > > > > > > ---
> > > > > > >  drivers/mmc/core/block.c | 241 ++++++++++++++++++++++++++++++++++++++-
> > > > > > >  1 file changed, 239 insertions(+), 2 deletions(-)
> > > > > > >
> > > > > > > diff --git a/drivers/mmc/core/block.c b/drivers/mmc/core/block.c
> > > > > > > index 32d49100dff5..a7f126fbc605 100644
> > > > > > > --- a/drivers/mmc/core/block.c
> > > > > > > +++ b/drivers/mmc/core/block.c
> > > > > > > @@ -33,6 +33,7 @@
> > > > > > >  #include <linux/cdev.h>
> > > > > > >  #include <linux/mutex.h>
> > > > > > >  #include <linux/scatterlist.h>
> > > > > > > +#include <linux/string.h>
> > > > > > >  #include <linux/string_helpers.h>
> > > > > > >  #include <linux/delay.h>
> > > > > > >  #include <linux/capability.h>
> > > > > > > @@ -40,6 +41,7 @@
> > > > > > >  #include <linux/pm_runtime.h>
> > > > > > >  #include <linux/idr.h>
> > > > > > >  #include <linux/debugfs.h>
> > > > > > > +#include <linux/rpmb.h>
> > > > > > >
> > > > > > >  #include <linux/mmc/ioctl.h>
> > > > > > >  #include <linux/mmc/card.h>
> > > > > > > @@ -76,6 +78,48 @@ MODULE_ALIAS("mmc:block");
> > > > > > >  #define MMC_EXTRACT_INDEX_FROM_ARG(x) ((x & 0x00FF0000) >> 16)
> > > > > > >  #define MMC_EXTRACT_VALUE_FROM_ARG(x) ((x & 0x0000FF00) >> 8)
> > > > > > >
> > > > > > > +/**
> > > > > > > + * struct rpmb_frame - rpmb frame as defined by eMMC 5.1 (JESD84-B51)
> > > > > > > + *
> > > > > > > + * @stuff        : stuff bytes
> > > > > > > + * @key_mac      : The authentication key or the message authentication
> > > > > > > + *                 code (MAC) depending on the request/response type.
> > > > > > > + *                 The MAC will be delivered in the last (or the only)
> > > > > > > + *                 block of data.
> > > > > > > + * @data         : Data to be written or read by signed access.
> > > > > > > + * @nonce        : Random number generated by the host for the requests
> > > > > > > + *                 and copied to the response by the RPMB engine.
> > > > > > > + * @write_counter: Counter value for the total amount of the successful
> > > > > > > + *                 authenticated data write requests made by the host.
> > > > > > > + * @addr         : Address of the data to be programmed to or read
> > > > > > > + *                 from the RPMB. Address is the serial number of
> > > > > > > + *                 the accessed block (half sector 256B).
> > > > > > > + * @block_count  : Number of blocks (half sectors, 256B) requested to be
> > > > > > > + *                 read/programmed.
> > > > > > > + * @result       : Includes information about the status of the write counter
> > > > > > > + *                 (valid, expired) and result of the access made to the RPMB.
> > > > > > > + * @req_resp     : Defines the type of request and response to/from the memory.
> > > > > > > + *
> > > > > > > + * The stuff bytes and big-endian properties are modeled to fit to the spec.
> > > > > > > + */
> > > > > > > +struct rpmb_frame {
> > > > > > > +     u8     stuff[196];
> > > > > > > +     u8     key_mac[32];
> > > > > > > +     u8     data[256];
> > > > > > > +     u8     nonce[16];
> > > > > > > +     __be32 write_counter;
> > > > > > > +     __be16 addr;
> > > > > > > +     __be16 block_count;
> > > > > > > +     __be16 result;
> > > > > > > +     __be16 req_resp;
> > > > > > > +} __packed;
> > > > > > > +
> > > > > > > +#define RPMB_PROGRAM_KEY       0x1    /* Program RPMB Authentication Key */
> > > > > > > +#define RPMB_GET_WRITE_COUNTER 0x2    /* Read RPMB write counter */
> > > > > > > +#define RPMB_WRITE_DATA        0x3    /* Write data to RPMB partition */
> > > > > > > +#define RPMB_READ_DATA         0x4    /* Read data from RPMB partition */
> > > > > > > +#define RPMB_RESULT_READ       0x5    /* Read result request  (Internal) */
> > > > > > > +
> > > > > > >  static DEFINE_MUTEX(block_mutex);
> > > > > > >
> > > > > > >  /*
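
Review bot: struct rpmb_frame is declared in this hunk, but the 512-byte size it must have is only enforced by the BUILD_BUG_ON() inside set_idata() further down the patch; a static_assert(sizeof(struct rpmb_frame) == 512) directly after the struct would keep the invariant next to the layout it protects. The kernel-doc for @result mentions the write counter status (valid, expired) and an access result, yet this hunk defines only the RPMB_* request types and no result codes, so the field cannot be interpreted from what is added here.
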
> > > > > > > @@ -163,6 +207,7 @@ struct mmc_rpmb_data {
> > > > > > >       int id;
> > > > > > >       unsigned int part_index;
> > > > > > >       struct mmc_blk_data *md;
> > > > > > > +     struct rpmb_dev *rdev;
> > > > > > >       struct list_head node;
> > > > > > >  };
> > > > > > >
> > > > > > > @@ -2672,7 +2717,6 @@ static int mmc_rpmb_chrdev_open(struct inode *inode, struct file *filp)
> > > > > > >
> > > > > > >       get_device(&rpmb->dev);
> > > > > > >       filp->private_data = rpmb;
> > > > > > > -     mmc_blk_get(rpmb->md->disk);
> > > > > > >
> > > > > > >       return nonseekable_open(inode, filp);
> > > > > > >  }
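
Review bot: with mmc_blk_get(rpmb->md->disk) dropped from mmc_rpmb_chrdev_open(), an open file keeps md alive only indirectly, through get_device(&rpmb->dev) and the mmc_blk_put(rpmb->md) that this patch adds to mmc_blk_rpmb_device_release(). A short comment next to get_device() stating that dependency would make the lifetime rule visible to whoever next touches open/release.
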
> > > > > > > @@ -2682,7 +2726,6 @@ static int mmc_rpmb_chrdev_release(struct inode *inode, struct file *filp)
> > > > > > >       struct mmc_rpmb_data *rpmb = container_of(inode->i_cdev,
> > > > > > >                                                 struct mmc_rpmb_data, chrdev);
> > > > > > >
> > > > > > > -     mmc_blk_put(rpmb->md);
> > > > > > >       put_device(&rpmb->dev);
> > > > > > >
> > > > > > >       return 0;
> > > > > > > @@ -2703,10 +2746,165 @@ static void mmc_blk_rpmb_device_release(struct device *dev)
> > > > > > >  {
> > > > > > >       struct mmc_rpmb_data *rpmb = dev_get_drvdata(dev);
> > > > > > >
> > > > > > > +     rpmb_dev_unregister(rpmb->rdev);
> > > > > > > +     mmc_blk_put(rpmb->md);
> > > > > > >       ida_simple_remove(&mmc_rpmb_ida, rpmb->id);
> > > > > > >       kfree(rpmb);
> > > > > > >  }
> > > > > > >
> > > > > > > +static void free_idata(struct mmc_blk_ioc_data **idata, unsigned int cmd_count)
> > > > > > > +{
> > > > > > > +     unsigned int n;
> > > > > > > +
> > > > > > > +     for (n = 0; n < cmd_count; n++)
> > > > > > > +             kfree(idata[n]);
> > > > > > > +     kfree(idata);
> > > > > > > +}
> > > > > > > +
> > > > > > > +static struct mmc_blk_ioc_data **alloc_idata(struct mmc_rpmb_data *rpmb,
> > > > > > > +                                          unsigned int cmd_count)
> > > > > > > +{
> > > > > > > +     struct mmc_blk_ioc_data **idata;
> > > > > > > +     unsigned int n;
> > > > > > > +
> > > > > > > +     idata = kcalloc(cmd_count, sizeof(*idata), GFP_KERNEL);
> > > > > > > +     if (!idata)
> > > > > > > +             return NULL;
> > > > > > > +     for (n = 0; n < cmd_count; n++) {
> > > > > > > +             idata[n] = kcalloc(1, sizeof(**idata), GFP_KERNEL);
> > > > > > > +             if (!idata[n]) {
> > > > > > > +                     free_idata(idata, n);
> > > > > > > +                     return NULL;
> > > > > > > +             }
> > > > > > > +             idata[n]->rpmb = rpmb;
> > > > > > > +     }
> > > > > > > +
> > > > > > > +     return idata;
> > > > > > > +}
> > > > > > > +
> > > > > > > +static void set_idata(struct mmc_blk_ioc_data *idata, u32 opcode,
> > > > > > > +                   int write_flag, u8 *buf, unsigned int buf_bytes)
> > > > > > > +{
> > > > > > > +     /*
> > > > > > > +      * The size of an RPMB frame must match what's expected by the
> > > > > > > +      * hardware.
> > > > > > > +      */
> > > > > > > +     BUILD_BUG_ON(sizeof(struct rpmb_frame) != 512);
> > > > > > > +
> > > > > > > +     idata->ic.opcode = opcode;
> > > > > > > +     idata->ic.flags = MMC_RSP_R1 | MMC_CMD_ADTC;
> > > > > > > +     idata->ic.write_flag = write_flag;
> > > > > > > +     idata->ic.blksz = sizeof(struct rpmb_frame);
> > > > > > > +     idata->ic.blocks = buf_bytes /  idata->ic.blksz;
> > > > > > > +     idata->buf = buf;
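
Review bot: set_idata() computes idata->ic.blocks as buf_bytes / idata->ic.blksz, and nothing in this hunk checks that buf_bytes is a non-zero multiple of sizeof(struct rpmb_frame), so a short or odd-sized buffer would silently become a zero-block or truncated transfer; validate the length here or document that the caller guarantees it. In the same hunk, alloc_idata() uses kcalloc(1, sizeof(**idata), GFP_KERNEL) where kzalloc(sizeof(**idata), GFP_KERNEL) is the usual form, and the doubled space in "buf_bytes /  idata->ic.blksz" should go.
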
> > > > > >
> > > > > > I tested the series on an i.MX8MM with an eMMC connected via the imx-sdhci
> > > > > > controller. Reading from RPMB does not work. It ends in timeouts due to
> > > > > > no response from the SDHCI controller.
> > > > > >
> > > > > > If idata->buf is allocated here with kmalloc(buf_bytes, GFP_KERNEL) and
> > > > > > the content of buf is copied to the newly allocated area, transfers succeed.
> > > > > >
> > > > > > Is it possible that idata->buf is not DMA capable? Any other ideas?
> > > > >
> > > > > Thanks for testing. I don't know, the idata->buf is allocated using
> > > > > alloc_pages_exact(nr_pages * PAGE_SIZE, GFP_KERNEL | __GFP_ZERO); in
> > > > > optee_pool_op_alloc_helper().
> > > >
> > > > Is this really true for idata->buf or isn't the complete RPMB frame memory
> > > > allocated like this and therefore idata->buf not page aligned?
> > >
> > > You're right.
> > >
> > > >
> > > > For RPMB via tee-supplicant the idata->buf is allocated within memdup_user
> > > > and therefore page aligned.
> > >
> > > Yes, that's a difference. Have you tested with page-aligned buffers to
> > > see if it helps?
> >
> > Yes, this helps. I tested with the following patch, but probably it can also
> > be solved during frame allocation in optee?
>
> Great, thanks for confirming. Yes, we should fix that in the secure world.

I've pushed an update to
https://github.com/jenswi-linaro/optee_os/tree/rpmb_probe

Cheers,
Jens


* Re: [PATCH v5 2/3] mmc: block: register RPMB partition with the RPMB subsystem
  2024-04-29 11:13               ` Jens Wiklander
@ 2024-04-29 13:13                 ` Manuel Traut
  2024-05-02  9:53                   ` Jens Wiklander
  0 siblings, 1 reply; 26+ messages in thread
From: Manuel Traut @ 2024-04-29 13:13 UTC (permalink / raw)
  To: Jens Wiklander
  Cc: linux-kernel, linux-mmc, op-tee, Shyam Saini, Ulf Hansson,
	Linus Walleij, Jerome Forissier, Sumit Garg, Ilias Apalodimas,
	Bart Van Assche, Randy Dunlap, Ard Biesheuvel, Arnd Bergmann,
	Greg Kroah-Hartman, Tomas Winkler, Alexander Usyskin

On Mon, Apr 29, 2024 at 01:13:58PM +0200, Jens Wiklander wrote:
> On Mon, Apr 29, 2024 at 12:45 PM Jens Wiklander
> <jens.wiklander@linaro.org> wrote:
> >
> > On Mon, Apr 29, 2024 at 12:35 PM Manuel Traut <manut@mecka.net> wrote:
> > >
> > > On Mon, Apr 29, 2024 at 12:08:45PM +0200, Jens Wiklander wrote:
> > > > On Mon, Apr 29, 2024 at 11:41 AM Manuel Traut <manut@mecka.net> wrote:
> > > > >
> > > > > On Fri, Apr 26, 2024 at 03:24:21PM +0200, Jens Wiklander wrote:
> > > > > > On Thu, Apr 25, 2024 at 10:43 AM Manuel Traut <manut@mecka.net> wrote:
> > > > > > >
> > > > > > > On Mon, Apr 22, 2024 at 11:19:35AM +0200, Jens Wiklander wrote:
> > > > > > > > Register eMMC RPMB partition with the RPMB subsystem and provide
> > > > > > > > an implementation for the RPMB access operations abstracting
> > > > > > > > the actual multi step process.
> > > > > > > >
> > > > > > > > Add a callback to extract the needed device information at registration
> > > > > > > > to avoid accessing the struct mmc_card at a later stage as we're not
> > > > > > > > holding a reference counter for this struct.
> > > > > > > >
> > > > > > > > Taking the needed reference to md->disk in mmc_blk_alloc_rpmb_part()
> > > > > > > > instead of in mmc_rpmb_chrdev_open(). This is needed by the
> > > > > > > > route_frames() function pointer in struct rpmb_ops.
> > > > > > > >
> > > > > > > > Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
> > > > > > > > Signed-off-by: Alexander Usyskin <alexander.usyskin@intel.com>
> > > > > > > > Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
> > > > > > > > ---
> > > > > > > >  drivers/mmc/core/block.c | 241 ++++++++++++++++++++++++++++++++++++++-
> > > > > > > >  1 file changed, 239 insertions(+), 2 deletions(-)
> > > > > > > >
> > > > > > > > diff --git a/drivers/mmc/core/block.c b/drivers/mmc/core/block.c
> > > > > > > > index 32d49100dff5..a7f126fbc605 100644
> > > > > > > > --- a/drivers/mmc/core/block.c
> > > > > > > > +++ b/drivers/mmc/core/block.c
> > > > > > > > @@ -33,6 +33,7 @@
> > > > > > > >  #include <linux/cdev.h>
> > > > > > > >  #include <linux/mutex.h>
> > > > > > > >  #include <linux/scatterlist.h>
> > > > > > > > +#include <linux/string.h>
> > > > > > > >  #include <linux/string_helpers.h>
> > > > > > > >  #include <linux/delay.h>
> > > > > > > >  #include <linux/capability.h>
> > > > > > > > @@ -40,6 +41,7 @@
> > > > > > > >  #include <linux/pm_runtime.h>
> > > > > > > >  #include <linux/idr.h>
> > > > > > > >  #include <linux/debugfs.h>
> > > > > > > > +#include <linux/rpmb.h>
> > > > > > > >
> > > > > > > >  #include <linux/mmc/ioctl.h>
> > > > > > > >  #include <linux/mmc/card.h>
> > > > > > > > @@ -76,6 +78,48 @@ MODULE_ALIAS("mmc:block");
> > > > > > > >  #define MMC_EXTRACT_INDEX_FROM_ARG(x) ((x & 0x00FF0000) >> 16)
> > > > > > > >  #define MMC_EXTRACT_VALUE_FROM_ARG(x) ((x & 0x0000FF00) >> 8)
> > > > > > > >
> > > > > > > > +/**
> > > > > > > > + * struct rpmb_frame - rpmb frame as defined by eMMC 5.1 (JESD84-B51)
> > > > > > > > + *
> > > > > > > > + * @stuff        : stuff bytes
> > > > > > > > + * @key_mac      : The authentication key or the message authentication
> > > > > > > > + *                 code (MAC) depending on the request/response type.
> > > > > > > > + *                 The MAC will be delivered in the last (or the only)
> > > > > > > > + *                 block of data.
> > > > > > > > + * @data         : Data to be written or read by signed access.
> > > > > > > > + * @nonce        : Random number generated by the host for the requests
> > > > > > > > + *                 and copied to the response by the RPMB engine.
> > > > > > > > + * @write_counter: Counter value for the total amount of the successful
> > > > > > > > + *                 authenticated data write requests made by the host.
> > > > > > > > + * @addr         : Address of the data to be programmed to or read
> > > > > > > > + *                 from the RPMB. Address is the serial number of
> > > > > > > > + *                 the accessed block (half sector 256B).
> > > > > > > > + * @block_count  : Number of blocks (half sectors, 256B) requested to be
> > > > > > > > + *                 read/programmed.
> > > > > > > > + * @result       : Includes information about the status of the write counter
> > > > > > > > + *                 (valid, expired) and result of the access made to the RPMB.
> > > > > > > > + * @req_resp     : Defines the type of request and response to/from the memory.
> > > > > > > > + *
> > > > > > > > + * The stuff bytes and big-endian properties are modeled to fit to the spec.
> > > > > > > > + */
> > > > > > > > +struct rpmb_frame {
> > > > > > > > +     u8     stuff[196];
> > > > > > > > +     u8     key_mac[32];
> > > > > > > > +     u8     data[256];
> > > > > > > > +     u8     nonce[16];
> > > > > > > > +     __be32 write_counter;
> > > > > > > > +     __be16 addr;
> > > > > > > > +     __be16 block_count;
> > > > > > > > +     __be16 result;
> > > > > > > > +     __be16 req_resp;
> > > > > > > > +} __packed;
> > > > > > > > +
> > > > > > > > +#define RPMB_PROGRAM_KEY       0x1    /* Program RPMB Authentication Key */
> > > > > > > > +#define RPMB_GET_WRITE_COUNTER 0x2    /* Read RPMB write counter */
> > > > > > > > +#define RPMB_WRITE_DATA        0x3    /* Write data to RPMB partition */
> > > > > > > > +#define RPMB_READ_DATA         0x4    /* Read data from RPMB partition */
> > > > > > > > +#define RPMB_RESULT_READ       0x5    /* Read result request  (Internal) */
> > > > > > > > +
> > > > > > > >  static DEFINE_MUTEX(block_mutex);
> > > > > > > >
> > > > > > > >  /*
> > > > > > > > @@ -163,6 +207,7 @@ struct mmc_rpmb_data {
> > > > > > > >       int id;
> > > > > > > >       unsigned int part_index;
> > > > > > > >       struct mmc_blk_data *md;
> > > > > > > > +     struct rpmb_dev *rdev;
> > > > > > > >       struct list_head node;
> > > > > > > >  };
> > > > > > > >
> > > > > > > > @@ -2672,7 +2717,6 @@ static int mmc_rpmb_chrdev_open(struct inode *inode, struct file *filp)
> > > > > > > >
> > > > > > > >       get_device(&rpmb->dev);
> > > > > > > >       filp->private_data = rpmb;
> > > > > > > > -     mmc_blk_get(rpmb->md->disk);
> > > > > > > >
> > > > > > > >       return nonseekable_open(inode, filp);
> > > > > > > >  }
> > > > > > > > @@ -2682,7 +2726,6 @@ static int mmc_rpmb_chrdev_release(struct inode *inode, struct file *filp)
> > > > > > > >       struct mmc_rpmb_data *rpmb = container_of(inode->i_cdev,
> > > > > > > >                                                 struct mmc_rpmb_data, chrdev);
> > > > > > > >
> > > > > > > > -     mmc_blk_put(rpmb->md);
> > > > > > > >       put_device(&rpmb->dev);
> > > > > > > >
> > > > > > > >       return 0;
> > > > > > > > @@ -2703,10 +2746,165 @@ static void mmc_blk_rpmb_device_release(struct device *dev)
> > > > > > > >  {
> > > > > > > >       struct mmc_rpmb_data *rpmb = dev_get_drvdata(dev);
> > > > > > > >
> > > > > > > > +     rpmb_dev_unregister(rpmb->rdev);
> > > > > > > > +     mmc_blk_put(rpmb->md);
> > > > > > > >       ida_simple_remove(&mmc_rpmb_ida, rpmb->id);
> > > > > > > >       kfree(rpmb);
> > > > > > > >  }
> > > > > > > >
> > > > > > > > +static void free_idata(struct mmc_blk_ioc_data **idata, unsigned int cmd_count)
> > > > > > > > +{
> > > > > > > > +     unsigned int n;
> > > > > > > > +
> > > > > > > > +     for (n = 0; n < cmd_count; n++)
> > > > > > > > +             kfree(idata[n]);
> > > > > > > > +     kfree(idata);
> > > > > > > > +}
> > > > > > > > +
> > > > > > > > +static struct mmc_blk_ioc_data **alloc_idata(struct mmc_rpmb_data *rpmb,
> > > > > > > > +                                          unsigned int cmd_count)
> > > > > > > > +{
> > > > > > > > +     struct mmc_blk_ioc_data **idata;
> > > > > > > > +     unsigned int n;
> > > > > > > > +
> > > > > > > > +     idata = kcalloc(cmd_count, sizeof(*idata), GFP_KERNEL);
> > > > > > > > +     if (!idata)
> > > > > > > > +             return NULL;
> > > > > > > > +     for (n = 0; n < cmd_count; n++) {
> > > > > > > > +             idata[n] = kcalloc(1, sizeof(**idata), GFP_KERNEL);
> > > > > > > > +             if (!idata[n]) {
> > > > > > > > +                     free_idata(idata, n);
> > > > > > > > +                     return NULL;
> > > > > > > > +             }
> > > > > > > > +             idata[n]->rpmb = rpmb;
> > > > > > > > +     }
> > > > > > > > +
> > > > > > > > +     return idata;
> > > > > > > > +}
> > > > > > > > +
> > > > > > > > +static void set_idata(struct mmc_blk_ioc_data *idata, u32 opcode,
> > > > > > > > +                   int write_flag, u8 *buf, unsigned int buf_bytes)
> > > > > > > > +{
> > > > > > > > +     /*
> > > > > > > > +      * The size of an RPMB frame must match what's expected by the
> > > > > > > > +      * hardware.
> > > > > > > > +      */
> > > > > > > > +     BUILD_BUG_ON(sizeof(struct rpmb_frame) != 512);
> > > > > > > > +
> > > > > > > > +     idata->ic.opcode = opcode;
> > > > > > > > +     idata->ic.flags = MMC_RSP_R1 | MMC_CMD_ADTC;
> > > > > > > > +     idata->ic.write_flag = write_flag;
> > > > > > > > +     idata->ic.blksz = sizeof(struct rpmb_frame);
> > > > > > > > +     idata->ic.blocks = buf_bytes /  idata->ic.blksz;
> > > > > > > > +     idata->buf = buf;
> > > > > > >
> > > > > > > I tested the series on an i.MX8MM with an eMMC connected via the imx-sdhci
> > > > > > > controller. Reading from RPMB does not work. It ends in timeouts due to
> > > > > > > no response from the SDHCI controller.
> > > > > > >
> > > > > > > If idata->buf is allocated here with kmalloc(buf_bytes, GFP_KERNEL) and
> > > > > > > the content of buf is copied to the newly allocated area, transfers succeed.
> > > > > > >
> > > > > > > Is it possible that idata->buf is not DMA capable? Any other ideas?
> > > > > >
> > > > > > Thanks for testing. I don't know, the idata->buf is allocated using
> > > > > > alloc_pages_exact(nr_pages * PAGE_SIZE, GFP_KERNEL | __GFP_ZERO); in
> > > > > > optee_pool_op_alloc_helper().
> > > > >
> > > > > Is this really true for idata->buf or isn't the complete RPMB frame memory
> > > > > allocated like this and therefore idata->buf not page aligned?
> > > >
> > > > You're right.
> > > >
> > > > >
> > > > > For RPMB via tee-supplicant the idata->buf is allocated within memdup_user
> > > > > and therefore page aligned.
> > > >
> > > > Yes, that's a difference. Have you tested with page-aligned buffers to
> > > > see if it helps?
> > >
> > > Yes, this helps. I tested with the following patch, but probably it can also
> > > be solved during frame allocation in optee?
> >
> > Great, thanks for confirming. Yes, we should fix that in the secure world.
> 
> I've pushed an update to
> https://github.com/jenswi-linaro/optee_os/tree/rpmb_probe

Thanks for taking care. I applied the additional patch

https://github.com/OP-TEE/optee_os/commit/cdbe8d149f1eed62bc8ef9137d208858bb7691d8.patch

to optee_os and removed the kmalloc dynalloc hack mentioned before from the
kernel.

The issue persists, please see below.

Thanks for your support
Manuel

E/TC:? 0
E/TC:? 0 TA panicked with code 0xffff0006
[   18.661761] mmc0: Timeout waiting for hardware interrupt.
[   18.661776] mmc0: sdhci: ============ SDHCI REGISTER DUMP ===========
E/LD:  Status of TA bc50d971-d4c9-42c4-82cb-343fb7f37896
E/LD:   arch: arm
E/LD:  region  0: va 0x40005000 pa 0xbe81b000 size 0x002000 flags rw-s (ldelf)
E/LD:  region  1: va 0x40007000 pa 0xbe81d000 size 0x008000 flags r-xs (ldelf)
E/LD:  region  2: va 0x4000f000 pa 0xbe825000 size 0x001000 flags rw-s (ldelf)
E/LD:  region  3: va 0x40010000 pa 0xbe826000 size 0x004000 flags rw-s (ldelf)
E/LD:  region  4: va 0x40014000 pa 0xbe82a000 size 0x001000 flags r--s
E/LD:  region  5: va 0x40015000 pa 0xbe88b000 size 0x011000 flags rw-s (stack)
E/LD:  region  6: va 0x40026000 pa 0x534f8000 size 0x002000 flags rw-- (param)
E/LD:  region  7: va 0x40035000 pa 0x00001000 size 0x042000 flags r-xs [0]
E/LD:  region  8: va 0x40077000 pa 0x00043000 size 0x01e000 flags rw-s [0]
E/LD:   [0] bc50d971-d4c9-42c4-82cb-343fb7f37896 @ 0x40035000
E/LD:  Call stack:
E/LD:   0x40064d48
E/LD:   0x40060c17
E/LD:   0x40037d81
E/LD:   0x40038223
E/LD:   0x4004d343
E/LD:   0x4005d52d
E/LD:   0x4003885f
E/LD:   0x40064cd9
E/LD:   0x4006a8a3
E/LD:   0x4005d68c
[   18.661782] mmc0: sdhci: Sys addr:  0x00000008 | Version:  0x00000002
[   18.661790] mmc0: sdhci: Blk size:  0x00000200 | Blk cnt:  0x00000006
[   18.661796] mmc0: sdhci: Argument:  0x00000000 | Trn mode: 0x0000003b
[   18.661802] mmc0: sdhci: Present:   0x01088a8e | Host ctl: 0x00000031
[   18.661808] mmc0: sdhci: Power:     0x00000002 | Blk gap:  0x00000080
[   18.661814] mmc0: sdhci: Wake-up:   0x00000008 | Clock:    0x0000000f
[   18.661820] mmc0: sdhci: Timeout:   0x0000008f | Int stat: 0x00000000
[   18.661825] mmc0: sdhci: Int enab:  0x117f100b | Sig enab: 0x117f100b
[   18.661831] mmc0: sdhci: ACmd stat: 0x00000000 | Slot int: 0x00000502
[   18.661837] mmc0: sdhci: Caps:      0x07eb0000 | Caps_1:   0x0000b407
[   18.661842] mmc0: sdhci: Cmd:       0x0000123a | Max curr: 0x00ffffff
[   18.661848] mmc0: sdhci: Resp[0]:   0x00000900 | Resp[1]:  0xffffffff
[   18.661856] mmc0: sdhci: Resp[2]:   0x328f5903 | Resp[3]:  0x00000900
[   18.661862] mmc0: sdhci: Host ctl2: 0x00000008
[   18.661868] mmc0: sdhci: ADMA Err:  0x00000007 | ADMA Ptr: 0x412c0200
[   18.661874] mmc0: sdhci-esdhc-imx: ========= ESDHC IMX DEBUG STATUS DUMP =========
[   18.661879] mmc0: sdhci-esdhc-imx: cmd debug status:  0x2120
[   18.661885] mmc0: sdhci-esdhc-imx: data debug status:  0x22d0
[   18.661893] mmc0: sdhci-esdhc-imx: trans debug status:  0x23c0
[   18.661900] mmc0: sdhci-esdhc-imx: dma debug status:  0x2400
[   18.661907] mmc0: sdhci-esdhc-imx: adma debug status:  0x25b4
[   18.661915] mmc0: sdhci-esdhc-imx: fifo debug status:  0x2650
[   18.661922] mmc0: sdhci-esdhc-imx: async fifo debug status:  0x2760
[   18.661929] mmc0: sdhci: ============================================
[   18.662615] sdhci-esdhc-imx 30b40000.mmc: __mmc_blk_ioctl_cmd: data error -110
[   18.772374] tpm tpm0: ftpm_tee_tpm_op_send: SUBMIT_COMMAND invoke error: 0xffff3024
[   18.772393] tpm tpm0: tpm_try_transmit: send(): error -53212
[   18.772447] tpm tpm0: ftpm_tee_tpm_op_send: SUBMIT_COMMAND invoke error: 0xffff3024
[   18.772455] tpm tpm0: tpm_try_transmit: send(): error -53212
[   18.772465] ftpm-tee tpm: ftpm_tee_probe: tpm_chip_register failed with rc=-53212
[   18.772545] ftpm-tee: probe of tpm failed with error -53212
[   19.430011] caam_jr 30902000.jr: 20000254: CCB: desc idx 2: RNG: Not instantiated
[   28.901794] mmc0: Timeout waiting for hardware interrupt.
[  *** ] (1 of 2) Job dev-tpmrm0.device/start running (37s / 1min 30s)
[ ***  ] (2 of 2) Job dev-tpm0.device/start running (47s / 1min 30s)
[ ***  ] (2 of 2) Job dev-tpm0.device/start



* RE: [PATCH v5 2/3] mmc: block: register RPMB partition with the RPMB subsystem
  2024-04-29 10:08         ` Jens Wiklander
  2024-04-29 10:35           ` Manuel Traut
@ 2024-04-29 19:36           ` Avri Altman
  2024-05-07  9:21             ` Jens Wiklander
  1 sibling, 1 reply; 26+ messages in thread
From: Avri Altman @ 2024-04-29 19:36 UTC (permalink / raw)
  To: Jens Wiklander, Manuel Traut
  Cc: linux-kernel, linux-mmc, op-tee, Shyam Saini, Ulf Hansson,
	Linus Walleij, Jerome Forissier, Sumit Garg, Ilias Apalodimas,
	Bart Van Assche, Randy Dunlap, Ard Biesheuvel, Arnd Bergmann,
	Greg Kroah-Hartman, Tomas Winkler, Alexander Usyskin

> > > >
> > > > Is it possible that idata->buf is not DMA capable? Any other ideas?
> > >
> > > Thanks for testing. I don't know, the idata->buf is allocated using
> > > alloc_pages_exact(nr_pages * PAGE_SIZE, GFP_KERNEL | __GFP_ZERO); in
> > > optee_pool_op_alloc_helper().
> >
> > Is this really true for idata->buf or isn't the complete RPMB frame
> > memory allocated like this and therefore idata->buf not page aligned?
> 
> You're right.
Maybe add an assert of PAGE_ALIGNED(idata->buf)?

Thanks,
Avri

> 
> >
> > For RPMB via tee-supplicant the idata->buf is allocated within
> > memdup_user and therefore page aligned.
> 
> Yes, that's a difference. Have you tested with page-aligned buffers to see if it
> helps?
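
The alignment point discussed above, as an added user-space C example that is not part of this thread, the patch or OP-TEE: a buffer carved out of a page-aligned allocation at a 512-byte frame offset is itself not page-aligned, which a check equivalent to PAGE_ALIGNED(idata->buf) catches. The 4 KiB page size, the request-then-response layout and every rpmb_check_buf/rpmb_shm_*/rpmb_demo_* name are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define DEMO_PAGE_SIZE 4096u /* assumption: 4 KiB pages */

/* User-space mirror of the quoted struct rpmb_frame. Byte arrays stand in for
 * the kernel's __be16/__be32 fields, so no packing attribute is needed. */
struct rpmb_frame {
	uint8_t stuff[196];
	uint8_t key_mac[32];
	uint8_t data[256];
	uint8_t nonce[16];
	uint8_t write_counter[4];
	uint8_t addr[2];
	uint8_t block_count[2];
	uint8_t result[2];
	uint8_t req_resp[2];
};
_Static_assert(sizeof(struct rpmb_frame) == 512, "RPMB frame must be 512 bytes");

enum { BUF_BAD_LENGTH = -1, BUF_NOT_PAGE_ALIGNED = -2 };

/* Hypothetical pre-flight check for a buffer about to be used as idata->buf:
 * returns the number of whole frames, or a negative code. */
int rpmb_check_buf(const void *buf, size_t buf_bytes)
{
	if (buf_bytes == 0 || buf_bytes % sizeof(struct rpmb_frame) != 0)
		return BUF_BAD_LENGTH;
	if ((uintptr_t)buf % DEMO_PAGE_SIZE != 0)
		return BUF_NOT_PAGE_ALIGNED;
	return (int)(buf_bytes / sizeof(struct rpmb_frame));
}

/* One shared allocation holding request frames followed by response frames
 * (constructed layout, not taken from OP-TEE). */
struct rpmb_shm {
	uint8_t *base;
	uint8_t *req;
	uint8_t *resp;
	size_t req_bytes;
	size_t resp_bytes;
};

static size_t round_up_page(size_t n)
{
	return (n + DEMO_PAGE_SIZE - 1) / DEMO_PAGE_SIZE * DEMO_PAGE_SIZE;
}

/* pad_to_page == 0: responses start right after the requests, so only base is
 * page-aligned. pad_to_page != 0: the request area is rounded up to a page,
 * so the response area starts on a page boundary as well. */
int rpmb_shm_alloc(struct rpmb_shm *s, size_t req_frames, size_t resp_frames,
		   int pad_to_page)
{
	size_t req_area, total;

	s->req_bytes = req_frames * sizeof(struct rpmb_frame);
	s->resp_bytes = resp_frames * sizeof(struct rpmb_frame);
	req_area = pad_to_page ? round_up_page(s->req_bytes) : s->req_bytes;

	/* aligned_alloc() needs a size that is a multiple of the alignment. */
	total = round_up_page(req_area + s->resp_bytes);
	s->base = aligned_alloc(DEMO_PAGE_SIZE, total);
	if (!s->base)
		return -1;
	memset(s->base, 0, total);
	s->req = s->base;
	s->resp = s->base + req_area;
	return 0;
}

void rpmb_shm_free(struct rpmb_shm *s)
{
	free(s->base);
	memset(s, 0, sizeof(*s));
}

/* Status of the response buffer for a given layout: frame count or error. */
int rpmb_demo_resp_status(size_t req_frames, size_t resp_frames, int pad_to_page)
{
	struct rpmb_shm s;
	int rc;

	if (rpmb_shm_alloc(&s, req_frames, resp_frames, pad_to_page))
		return -100;
	rc = rpmb_check_buf(s.resp, s.resp_bytes);
	rpmb_shm_free(&s);
	return rc;
}

int main(void)
{
	/* Packed: the response buffer sits 512 bytes into the page. */
	int packed = rpmb_demo_resp_status(1, 2, 0);
	/* Padded: the response buffer starts on the next page boundary. */
	int padded = rpmb_demo_resp_status(1, 2, 1);

	return (packed == BUF_NOT_PAGE_ALIGNED && padded == 2) ? 0 : 1;
}
```
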


* Re: [PATCH v5 2/3] mmc: block: register RPMB partition with the RPMB subsystem
  2024-04-29 13:13                 ` Manuel Traut
@ 2024-05-02  9:53                   ` Jens Wiklander
  2024-05-03  9:16                     ` Manuel Traut
  0 siblings, 1 reply; 26+ messages in thread
From: Jens Wiklander @ 2024-05-02  9:53 UTC (permalink / raw)
  To: Manuel Traut
  Cc: linux-kernel, linux-mmc, op-tee, Shyam Saini, Ulf Hansson,
	Linus Walleij, Jerome Forissier, Sumit Garg, Ilias Apalodimas,
	Bart Van Assche, Randy Dunlap, Ard Biesheuvel, Arnd Bergmann,
	Greg Kroah-Hartman, Tomas Winkler, Alexander Usyskin

On Mon, Apr 29, 2024 at 3:13 PM Manuel Traut <manut@mecka.net> wrote:
>
> On Mon, Apr 29, 2024 at 01:13:58PM +0200, Jens Wiklander wrote:
> > On Mon, Apr 29, 2024 at 12:45 PM Jens Wiklander
> > <jens.wiklander@linaro.org> wrote:
> > >
> > > On Mon, Apr 29, 2024 at 12:35 PM Manuel Traut <manut@mecka.net> wrote:
> > > >
> > > > On Mon, Apr 29, 2024 at 12:08:45PM +0200, Jens Wiklander wrote:
> > > > > On Mon, Apr 29, 2024 at 11:41 AM Manuel Traut <manut@mecka.net> wrote:
> > > > > >
> > > > > > On Fri, Apr 26, 2024 at 03:24:21PM +0200, Jens Wiklander wrote:
> > > > > > > On Thu, Apr 25, 2024 at 10:43 AM Manuel Traut <manut@mecka.net> wrote:
> > > > > > > >
> > > > > > > > On Mon, Apr 22, 2024 at 11:19:35AM +0200, Jens Wiklander wrote:
> > > > > > > > > Register eMMC RPMB partition with the RPMB subsystem and provide
> > > > > > > > > an implementation for the RPMB access operations abstracting
> > > > > > > > > the actual multi step process.
> > > > > > > > >
> > > > > > > > > Add a callback to extract the needed device information at registration
> > > > > > > > > to avoid accessing the struct mmc_card at a later stage as we're not
> > > > > > > > > holding a reference counter for this struct.
> > > > > > > > >
> > > > > > > > > Taking the needed reference to md->disk in mmc_blk_alloc_rpmb_part()
> > > > > > > > > instead of in mmc_rpmb_chrdev_open(). This is needed by the
> > > > > > > > > route_frames() function pointer in struct rpmb_ops.
> > > > > > > > >
> > > > > > > > > Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
> > > > > > > > > Signed-off-by: Alexander Usyskin <alexander.usyskin@intel.com>
> > > > > > > > > Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
> > > > > > > > > ---
> > > > > > > > >  drivers/mmc/core/block.c | 241 ++++++++++++++++++++++++++++++++++++++-
> > > > > > > > >  1 file changed, 239 insertions(+), 2 deletions(-)
> > > > > > > > >
> > > > > > > > > diff --git a/drivers/mmc/core/block.c b/drivers/mmc/core/block.c
> > > > > > > > > index 32d49100dff5..a7f126fbc605 100644
> > > > > > > > > --- a/drivers/mmc/core/block.c
> > > > > > > > > +++ b/drivers/mmc/core/block.c
> > > > > > > > > @@ -33,6 +33,7 @@
> > > > > > > > >  #include <linux/cdev.h>
> > > > > > > > >  #include <linux/mutex.h>
> > > > > > > > >  #include <linux/scatterlist.h>
> > > > > > > > > +#include <linux/string.h>
> > > > > > > > >  #include <linux/string_helpers.h>
> > > > > > > > >  #include <linux/delay.h>
> > > > > > > > >  #include <linux/capability.h>
> > > > > > > > > @@ -40,6 +41,7 @@
> > > > > > > > >  #include <linux/pm_runtime.h>
> > > > > > > > >  #include <linux/idr.h>
> > > > > > > > >  #include <linux/debugfs.h>
> > > > > > > > > +#include <linux/rpmb.h>
> > > > > > > > >
> > > > > > > > >  #include <linux/mmc/ioctl.h>
> > > > > > > > >  #include <linux/mmc/card.h>
> > > > > > > > > @@ -76,6 +78,48 @@ MODULE_ALIAS("mmc:block");
> > > > > > > > >  #define MMC_EXTRACT_INDEX_FROM_ARG(x) ((x & 0x00FF0000) >> 16)
> > > > > > > > >  #define MMC_EXTRACT_VALUE_FROM_ARG(x) ((x & 0x0000FF00) >> 8)
> > > > > > > > >
> > > > > > > > > +/**
> > > > > > > > > + * struct rpmb_frame - rpmb frame as defined by eMMC 5.1 (JESD84-B51)
> > > > > > > > > + *
> > > > > > > > > + * @stuff        : stuff bytes
> > > > > > > > > + * @key_mac      : The authentication key or the message authentication
> > > > > > > > > + *                 code (MAC) depending on the request/response type.
> > > > > > > > > + *                 The MAC will be delivered in the last (or the only)
> > > > > > > > > + *                 block of data.
> > > > > > > > > + * @data         : Data to be written or read by signed access.
> > > > > > > > > + * @nonce        : Random number generated by the host for the requests
> > > > > > > > > + *                 and copied to the response by the RPMB engine.
> > > > > > > > > + * @write_counter: Counter value for the total amount of the successful
> > > > > > > > > + *                 authenticated data write requests made by the host.
> > > > > > > > > + * @addr         : Address of the data to be programmed to or read
> > > > > > > > > + *                 from the RPMB. Address is the serial number of
> > > > > > > > > + *                 the accessed block (half sector 256B).
> > > > > > > > > + * @block_count  : Number of blocks (half sectors, 256B) requested to be
> > > > > > > > > + *                 read/programmed.
> > > > > > > > > + * @result       : Includes information about the status of the write counter
> > > > > > > > > + *                 (valid, expired) and result of the access made to the RPMB.
> > > > > > > > > + * @req_resp     : Defines the type of request and response to/from the memory.
> > > > > > > > > + *
> > > > > > > > > + * The stuff bytes and big-endian properties are modeled to fit to the spec.
> > > > > > > > > + */
> > > > > > > > > +struct rpmb_frame {
> > > > > > > > > +     u8     stuff[196];
> > > > > > > > > +     u8     key_mac[32];
> > > > > > > > > +     u8     data[256];
> > > > > > > > > +     u8     nonce[16];
> > > > > > > > > +     __be32 write_counter;
> > > > > > > > > +     __be16 addr;
> > > > > > > > > +     __be16 block_count;
> > > > > > > > > +     __be16 result;
> > > > > > > > > +     __be16 req_resp;
> > > > > > > > > +} __packed;
> > > > > > > > > +
> > > > > > > > > +#define RPMB_PROGRAM_KEY       0x1    /* Program RPMB Authentication Key */
> > > > > > > > > +#define RPMB_GET_WRITE_COUNTER 0x2    /* Read RPMB write counter */
> > > > > > > > > +#define RPMB_WRITE_DATA        0x3    /* Write data to RPMB partition */
> > > > > > > > > +#define RPMB_READ_DATA         0x4    /* Read data from RPMB partition */
> > > > > > > > > +#define RPMB_RESULT_READ       0x5    /* Read result request  (Internal) */
> > > > > > > > > +
> > > > > > > > >  static DEFINE_MUTEX(block_mutex);
> > > > > > > > >
> > > > > > > > >  /*
> > > > > > > > > @@ -163,6 +207,7 @@ struct mmc_rpmb_data {
> > > > > > > > >       int id;
> > > > > > > > >       unsigned int part_index;
> > > > > > > > >       struct mmc_blk_data *md;
> > > > > > > > > +     struct rpmb_dev *rdev;
> > > > > > > > >       struct list_head node;
> > > > > > > > >  };
> > > > > > > > >
> > > > > > > > > @@ -2672,7 +2717,6 @@ static int mmc_rpmb_chrdev_open(struct inode *inode, struct file *filp)
> > > > > > > > >
> > > > > > > > >       get_device(&rpmb->dev);
> > > > > > > > >       filp->private_data = rpmb;
> > > > > > > > > -     mmc_blk_get(rpmb->md->disk);
> > > > > > > > >
> > > > > > > > >       return nonseekable_open(inode, filp);
> > > > > > > > >  }
> > > > > > > > > @@ -2682,7 +2726,6 @@ static int mmc_rpmb_chrdev_release(struct inode *inode, struct file *filp)
> > > > > > > > >       struct mmc_rpmb_data *rpmb = container_of(inode->i_cdev,
> > > > > > > > >                                                 struct mmc_rpmb_data, chrdev);
> > > > > > > > >
> > > > > > > > > -     mmc_blk_put(rpmb->md);
> > > > > > > > >       put_device(&rpmb->dev);
> > > > > > > > >
> > > > > > > > >       return 0;
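
Review bot: with mmc_blk_put(rpmb->md) dropped from
mmc_rpmb_chrdev_release(), nothing in this function shows what keeps
rpmb->md alive while the character device is open; the only pairing left
here is get_device()/put_device() on rpmb->dev. A one-line comment next to
put_device(&rpmb->dev) saying that the md reference now follows the
lifetime of rpmb->dev (the put reappears in mmc_blk_rpmb_device_release()
in the next hunk) would let a reader check the refcount pairing without
reading the whole file.
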
> > > > > > > > > @@ -2703,10 +2746,165 @@ static void mmc_blk_rpmb_device_release(struct device *dev)
> > > > > > > > >  {
> > > > > > > > >       struct mmc_rpmb_data *rpmb = dev_get_drvdata(dev);
> > > > > > > > >
> > > > > > > > > +     rpmb_dev_unregister(rpmb->rdev);
> > > > > > > > > +     mmc_blk_put(rpmb->md);
> > > > > > > > >       ida_simple_remove(&mmc_rpmb_ida, rpmb->id);
> > > > > > > > >       kfree(rpmb);
> > > > > > > > >  }
> > > > > > > > >
> > > > > > > > > +static void free_idata(struct mmc_blk_ioc_data **idata, unsigned int cmd_count)
> > > > > > > > > +{
> > > > > > > > > +     unsigned int n;
> > > > > > > > > +
> > > > > > > > > +     for (n = 0; n < cmd_count; n++)
> > > > > > > > > +             kfree(idata[n]);
> > > > > > > > > +     kfree(idata);
> > > > > > > > > +}
> > > > > > > > > +
> > > > > > > > > +static struct mmc_blk_ioc_data **alloc_idata(struct mmc_rpmb_data *rpmb,
> > > > > > > > > +                                          unsigned int cmd_count)
> > > > > > > > > +{
> > > > > > > > > +     struct mmc_blk_ioc_data **idata;
> > > > > > > > > +     unsigned int n;
> > > > > > > > > +
> > > > > > > > > +     idata = kcalloc(cmd_count, sizeof(*idata), GFP_KERNEL);
> > > > > > > > > +     if (!idata)
> > > > > > > > > +             return NULL;
> > > > > > > > > +     for (n = 0; n < cmd_count; n++) {
> > > > > > > > > +             idata[n] = kcalloc(1, sizeof(**idata), GFP_KERNEL);
> > > > > > > > > +             if (!idata[n]) {
> > > > > > > > > +                     free_idata(idata, n);
> > > > > > > > > +                     return NULL;
> > > > > > > > > +             }
> > > > > > > > > +             idata[n]->rpmb = rpmb;
> > > > > > > > > +     }
> > > > > > > > > +
> > > > > > > > > +     return idata;
> > > > > > > > > +}
> > > > > > > > > +
> > > > > > > > > +static void set_idata(struct mmc_blk_ioc_data *idata, u32 opcode,
> > > > > > > > > +                   int write_flag, u8 *buf, unsigned int buf_bytes)
> > > > > > > > > +{
> > > > > > > > > +     /*
> > > > > > > > > +      * The size of an RPMB frame must match what's expected by the
> > > > > > > > > +      * hardware.
> > > > > > > > > +      */
> > > > > > > > > +     BUILD_BUG_ON(sizeof(struct rpmb_frame) != 512);
> > > > > > > > > +
> > > > > > > > > +     idata->ic.opcode = opcode;
> > > > > > > > > +     idata->ic.flags = MMC_RSP_R1 | MMC_CMD_ADTC;
> > > > > > > > > +     idata->ic.write_flag = write_flag;
> > > > > > > > > +     idata->ic.blksz = sizeof(struct rpmb_frame);
> > > > > > > > > +     idata->ic.blocks = buf_bytes /  idata->ic.blksz;
> > > > > > > > > +     idata->buf = buf;
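
Review bot: in alloc_idata(), kcalloc(1, sizeof(**idata), GFP_KERNEL)
allocates a single zeroed object, which kzalloc(sizeof(**idata),
GFP_KERNEL) expresses directly. The partial-failure path
free_idata(idata, n) is correct because only the first n entries exist at
that point, but passing n rather than cmd_count looks like a typo on first
read; a short comment there would help.
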
> > > > > > > >
> > > > > > > > I tested the series on an i.MX8MM with an eMMC connected via the imx-sdhci
> > > > > > > > controller. Reading from RPMB does not work. It ends in timeouts due to
> > > > > > > > no response from the SDHCI controller.
> > > > > > > >
> > > > > > > > If idata->buf is allocated here with kmalloc(buf_bytes, GFP_KERNEL) and
> > > > > > > > the content of buf is copied to the new allocated area, transfers succeed.
> > > > > > > >
> > > > > > > > Is it possible that idata->buf is not DMA capable? Any other ideas?
> > > > > > >
> > > > > > > Thanks for testing. I don't know, the idata->buf is allocated using
> > > > > > > alloc_pages_exact(nr_pages * PAGE_SIZE, GFP_KERNEL | __GFP_ZERO); in
> > > > > > > optee_pool_op_alloc_helper().
> > > > > >
> > > > > > Is this really true for idata->buf or isn't the complete RPMB frame memory
> > > > > > allocated like this and therefore idata->buf not page aligned?
> > > > >
> > > > > You're right.
> > > > >
> > > > > >
> > > > > > For RPMB via tee-supplicant the idata->buf is allocated within memdup_user
> > > > > > and therefore page aligned.
> > > > >
> > > > > Yes, that's a difference. Have you tested with page-aligned buffers to
> > > > > see if it helps?
> > > >
> > > > Yes, this helps. I tested with the following patch, but probably it can also
> > > > be solved during frame allocation in optee?
> > >
> > > Great, thanks for confirming. Yes, we should fix that in the secure world.
> >
> > I've pushed an update to
> > https://github.com/jenswi-linaro/optee_os/tree/rpmb_probe
>
> Thanks for taking care. I applied the additional patch
>
> https://github.com/OP-TEE/optee_os/commit/cdbe8d149f1eed62bc8ef9137d208858bb7691d8.patch
>
> to optee_os and removed the kmalloc dynalloc hack mentioned before from the
> kernel.
>
> The issue persists, please see below.

So it's not the alignment that is the problem. We need to understand
this problem better before adding workarounds. If I'm not mistaken,
alloc_pages_exact() and kmalloc() are supposed to provide DMAable
memory. Could this be a symptom of some other error in your system?

Thanks,
Jens

>
> Thanks for your support
> Manuel
>
> E/TC:? 0
> E/TC:? 0 TA panicked with code 0xffff0006
> [   18.661761] mmc0: Timeout waiting for hardware interrupt.
> [   18.661776] mmc0: sdhci: ============ SDHCI REGISTER DUMP ===========
> E/LD:  Status of TA bc50d971-d4c9-42c4-82cb-343fb7f37896
> E/LD:   arch: arm
> E/LD:  region  0: va 0x40005000 pa 0xbe81b000 size 0x002000 flags rw-s (ldelf)
> E/LD:  region  1: va 0x40007000 pa 0xbe81d000 size 0x008000 flags r-xs (ldelf)
> E/LD:  region  2: va 0x4000f000 pa 0xbe825000 size 0x001000 flags rw-s (ldelf)
> E/LD:  region  3: va 0x40010000 pa 0xbe826000 size 0x004000 flags rw-s (ldelf)
> E/LD:  region  4: va 0x40014000 pa 0xbe82a000 size 0x001000 flags r--s
> E/LD:  region  5: va 0x40015000 pa 0xbe88b000 size 0x011000 flags rw-s (stack)
> E/LD:  region  6: va 0x40026000 pa 0x534f8000 size 0x002000 flags rw-- (param)
> E/LD:  region  7: va 0x40035000 pa 0x00001000 size 0x042000 flags r-xs [0]
> E/LD:  region  8: va 0x40077000 pa 0x00043000 size 0x01e000 flags rw-s [0]
> E/LD:   [0] bc50d971-d4c9-42c4-82cb-343fb7f37896 @ 0x40035000
> E/LD:  Call stack:
> E/LD:   0x40064d48
> E/LD:   0x40060c17
> E/LD:   0x40037d81
> E/LD:   0x40038223
> E/LD:   0x4004d343
> E/LD:   0x4005d52d
> E/LD:   0x4003885f
> E/LD:   0x40064cd9
> E/LD:   0x4006a8a3
> E/LD:   0x4005d68c
> [   18.661782] mmc0: sdhci: Sys addr:  0x00000008 | Version:  0x00000002
> [   18.661790] mmc0: sdhci: Blk size:  0x00000200 | Blk cnt:  0x00000006
> [   18.661796] mmc0: sdhci: Argument:  0x00000000 | Trn mode: 0x0000003b
> [   18.661802] mmc0: sdhci: Present:   0x01088a8e | Host ctl: 0x00000031
> [   18.661808] mmc0: sdhci: Power:     0x00000002 | Blk gap:  0x00000080
> [   18.661814] mmc0: sdhci: Wake-up:   0x00000008 | Clock:    0x0000000f
> [   18.661820] mmc0: sdhci: Timeout:   0x0000008f | Int stat: 0x00000000
> [   18.661825] mmc0: sdhci: Int enab:  0x117f100b | Sig enab: 0x117f100b
> [   18.661831] mmc0: sdhci: ACmd stat: 0x00000000 | Slot int: 0x00000502
> [   18.661837] mmc0: sdhci: Caps:      0x07eb0000 | Caps_1:   0x0000b407
> [   18.661842] mmc0: sdhci: Cmd:       0x0000123a | Max curr: 0x00ffffff
> [   18.661848] mmc0: sdhci: Resp[0]:   0x00000900 | Resp[1]:  0xffffffff
> [   18.661856] mmc0: sdhci: Resp[2]:   0x328f5903 | Resp[3]:  0x00000900
> [   18.661862] mmc0: sdhci: Host ctl2: 0x00000008
> [   18.661868] mmc0: sdhci: ADMA Err:  0x00000007 | ADMA Ptr: 0x412c0200
> [   18.661874] mmc0: sdhci-esdhc-imx: ========= ESDHC IMX DEBUG STATUS DUMP =========
> [   18.661879] mmc0: sdhci-esdhc-imx: cmd debug status:  0x2120
> [   18.661885] mmc0: sdhci-esdhc-imx: data debug status:  0x22d0
> [   18.661893] mmc0: sdhci-esdhc-imx: trans debug status:  0x23c0
> [   18.661900] mmc0: sdhci-esdhc-imx: dma debug status:  0x2400
> [   18.661907] mmc0: sdhci-esdhc-imx: adma debug status:  0x25b4
> [   18.661915] mmc0: sdhci-esdhc-imx: fifo debug status:  0x2650
> [   18.661922] mmc0: sdhci-esdhc-imx: async fifo debug status:  0x2760
> [   18.661929] mmc0: sdhci: ============================================
> [   18.662615] sdhci-esdhc-imx 30b40000.mmc: __mmc_blk_ioctl_cmd: data error -110
> [   18.772374] tpm tpm0: ftpm_tee_tpm_op_send: SUBMIT_COMMAND invoke error: 0xffff3024
> [   18.772393] tpm tpm0: tpm_try_transmit: send(): error -53212
> [   18.772447] tpm tpm0: ftpm_tee_tpm_op_send: SUBMIT_COMMAND invoke error: 0xffff3024
> [   18.772455] tpm tpm0: tpm_try_transmit: send(): error -53212
> [   18.772465] ftpm-tee tpm: ftpm_tee_probe: tpm_chip_register failed with rc=-53212
> [   18.772545] ftpm-tee: probe of tpm failed with error -53212
> [   19.430011] caam_jr 30902000.jr: 20000254: CCB: desc idx 2: RNG: Not instantiated
> [   28.901794] mmc0: Timeout waiting for hardware interrupt.
> [  *** ] (1 of 2) Job dev-tpmrm0.device/start running (37s / 1min 30s)
> [ ***  ] (2 of 2) Job dev-tpm0.device/start running (47s / 1min 30s)
> [ ***  ] (2 of 2) Job dev-tpm0.device/start
>

^ permalink raw reply	[flat|nested] 26+ messages in thread

* Re: [PATCH v5 2/3] mmc: block: register RPMB partition with the RPMB subsystem
  2024-05-02  9:53                   ` Jens Wiklander
@ 2024-05-03  9:16                     ` Manuel Traut
  0 siblings, 0 replies; 26+ messages in thread
From: Manuel Traut @ 2024-05-03  9:16 UTC (permalink / raw)
  To: Jens Wiklander
  Cc: linux-kernel, linux-mmc, op-tee, Shyam Saini, Ulf Hansson,
	Linus Walleij, Jerome Forissier, Sumit Garg, Ilias Apalodimas,
	Bart Van Assche, Randy Dunlap, Ard Biesheuvel, Arnd Bergmann,
	Greg Kroah-Hartman, Tomas Winkler, Alexander Usyskin

On Thu, May 02, 2024 at 11:53:40AM +0200, Jens Wiklander wrote:
> On Mon, Apr 29, 2024 at 3:13 PM Manuel Traut <manut@mecka.net> wrote:
> >
> > On Mon, Apr 29, 2024 at 01:13:58PM +0200, Jens Wiklander wrote:
> > > On Mon, Apr 29, 2024 at 12:45 PM Jens Wiklander
> > > <jens.wiklander@linaro.org> wrote:
> > > >
> > > > On Mon, Apr 29, 2024 at 12:35 PM Manuel Traut <manut@mecka.net> wrote:
> > > > >
> > > > > On Mon, Apr 29, 2024 at 12:08:45PM +0200, Jens Wiklander wrote:
> > > > > > On Mon, Apr 29, 2024 at 11:41 AM Manuel Traut <manut@mecka.net> wrote:
> > > > > > >
> > > > > > > On Fri, Apr 26, 2024 at 03:24:21PM +0200, Jens Wiklander wrote:
> > > > > > > > On Thu, Apr 25, 2024 at 10:43 AM Manuel Traut <manut@mecka.net> wrote:
> > > > > > > > >
> > > > > > > > > On Mon, Apr 22, 2024 at 11:19:35AM +0200, Jens Wiklander wrote:
> > > > > > > > > > Register eMMC RPMB partition with the RPMB subsystem and provide
> > > > > > > > > > an implementation for the RPMB access operations abstracting
> > > > > > > > > > the actual multi step process.
> > > > > > > > > >
> > > > > > > > > > Add a callback to extract the needed device information at registration
> > > > > > > > > > to avoid accessing the struct mmc_card at a later stage as we're not
> > > > > > > > > > holding a reference counter for this struct.
> > > > > > > > > >
> > > > > > > > > > Taking the needed reference to md->disk in mmc_blk_alloc_rpmb_part()
> > > > > > > > > > instead of in mmc_rpmb_chrdev_open(). This is needed by the
> > > > > > > > > > route_frames() function pointer in struct rpmb_ops.
> > > > > > > > > >
> > > > > > > > > > Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
> > > > > > > > > > Signed-off-by: Alexander Usyskin <alexander.usyskin@intel.com>
> > > > > > > > > > Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
> > > > > > > > > > ---
> > > > > > > > > >  drivers/mmc/core/block.c | 241 ++++++++++++++++++++++++++++++++++++++-
> > > > > > > > > >  1 file changed, 239 insertions(+), 2 deletions(-)
> > > > > > > > > >
> > > > > > > > > > diff --git a/drivers/mmc/core/block.c b/drivers/mmc/core/block.c
> > > > > > > > > > index 32d49100dff5..a7f126fbc605 100644
> > > > > > > > > > --- a/drivers/mmc/core/block.c
> > > > > > > > > > +++ b/drivers/mmc/core/block.c
> > > > > > > > > > @@ -33,6 +33,7 @@
> > > > > > > > > >  #include <linux/cdev.h>
> > > > > > > > > >  #include <linux/mutex.h>
> > > > > > > > > >  #include <linux/scatterlist.h>
> > > > > > > > > > +#include <linux/string.h>
> > > > > > > > > >  #include <linux/string_helpers.h>
> > > > > > > > > >  #include <linux/delay.h>
> > > > > > > > > >  #include <linux/capability.h>
> > > > > > > > > > @@ -40,6 +41,7 @@
> > > > > > > > > >  #include <linux/pm_runtime.h>
> > > > > > > > > >  #include <linux/idr.h>
> > > > > > > > > >  #include <linux/debugfs.h>
> > > > > > > > > > +#include <linux/rpmb.h>
> > > > > > > > > >
> > > > > > > > > >  #include <linux/mmc/ioctl.h>
> > > > > > > > > >  #include <linux/mmc/card.h>
> > > > > > > > > > @@ -76,6 +78,48 @@ MODULE_ALIAS("mmc:block");
> > > > > > > > > >  #define MMC_EXTRACT_INDEX_FROM_ARG(x) ((x & 0x00FF0000) >> 16)
> > > > > > > > > >  #define MMC_EXTRACT_VALUE_FROM_ARG(x) ((x & 0x0000FF00) >> 8)
> > > > > > > > > >
> > > > > > > > > > +/**
> > > > > > > > > > + * struct rpmb_frame - rpmb frame as defined by eMMC 5.1 (JESD84-B51)
> > > > > > > > > > + *
> > > > > > > > > > + * @stuff        : stuff bytes
> > > > > > > > > > + * @key_mac      : The authentication key or the message authentication
> > > > > > > > > > + *                 code (MAC) depending on the request/response type.
> > > > > > > > > > + *                 The MAC will be delivered in the last (or the only)
> > > > > > > > > > + *                 block of data.
> > > > > > > > > > + * @data         : Data to be written or read by signed access.
> > > > > > > > > > + * @nonce        : Random number generated by the host for the requests
> > > > > > > > > > + *                 and copied to the response by the RPMB engine.
> > > > > > > > > > + * @write_counter: Counter value for the total amount of the successful
> > > > > > > > > > + *                 authenticated data write requests made by the host.
> > > > > > > > > > + * @addr         : Address of the data to be programmed to or read
> > > > > > > > > > + *                 from the RPMB. Address is the serial number of
> > > > > > > > > > + *                 the accessed block (half sector 256B).
> > > > > > > > > > + * @block_count  : Number of blocks (half sectors, 256B) requested to be
> > > > > > > > > > + *                 read/programmed.
> > > > > > > > > > + * @result       : Includes information about the status of the write counter
> > > > > > > > > > + *                 (valid, expired) and result of the access made to the RPMB.
> > > > > > > > > > + * @req_resp     : Defines the type of request and response to/from the memory.
> > > > > > > > > > + *
> > > > > > > > > > + * The stuff bytes and big-endian properties are modeled to fit to the spec.
> > > > > > > > > > + */
> > > > > > > > > > +struct rpmb_frame {
> > > > > > > > > > +     u8     stuff[196];
> > > > > > > > > > +     u8     key_mac[32];
> > > > > > > > > > +     u8     data[256];
> > > > > > > > > > +     u8     nonce[16];
> > > > > > > > > > +     __be32 write_counter;
> > > > > > > > > > +     __be16 addr;
> > > > > > > > > > +     __be16 block_count;
> > > > > > > > > > +     __be16 result;
> > > > > > > > > > +     __be16 req_resp;
> > > > > > > > > > +} __packed;
> > > > > > > > > > +
> > > > > > > > > > +#define RPMB_PROGRAM_KEY       0x1    /* Program RPMB Authentication Key */
> > > > > > > > > > +#define RPMB_GET_WRITE_COUNTER 0x2    /* Read RPMB write counter */
> > > > > > > > > > +#define RPMB_WRITE_DATA        0x3    /* Write data to RPMB partition */
> > > > > > > > > > +#define RPMB_READ_DATA         0x4    /* Read data from RPMB partition */
> > > > > > > > > > +#define RPMB_RESULT_READ       0x5    /* Read result request  (Internal) */
> > > > > > > > > > +
> > > > > > > > > >  static DEFINE_MUTEX(block_mutex);
> > > > > > > > > >
> > > > > > > > > >  /*
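
Review bot: the five RPMB_* defines cover request types only, while the
kernel-doc for @req_resp says the field carries the type of both request
and response. Either define the response values next to the requests or
state in the comment how a response type relates to its request, so code
that checks a returned frame does not need magic numbers. The "(Internal)"
tag on RPMB_RESULT_READ also needs a few words on who issues it.
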
> > > > > > > > > > @@ -163,6 +207,7 @@ struct mmc_rpmb_data {
> > > > > > > > > >       int id;
> > > > > > > > > >       unsigned int part_index;
> > > > > > > > > >       struct mmc_blk_data *md;
> > > > > > > > > > +     struct rpmb_dev *rdev;
> > > > > > > > > >       struct list_head node;
> > > > > > > > > >  };
> > > > > > > > > >
> > > > > > > > > > @@ -2672,7 +2717,6 @@ static int mmc_rpmb_chrdev_open(struct inode *inode, struct file *filp)
> > > > > > > > > >
> > > > > > > > > >       get_device(&rpmb->dev);
> > > > > > > > > >       filp->private_data = rpmb;
> > > > > > > > > > -     mmc_blk_get(rpmb->md->disk);
> > > > > > > > > >
> > > > > > > > > >       return nonseekable_open(inode, filp);
> > > > > > > > > >  }
> > > > > > > > > > @@ -2682,7 +2726,6 @@ static int mmc_rpmb_chrdev_release(struct inode *inode, struct file *filp)
> > > > > > > > > >       struct mmc_rpmb_data *rpmb = container_of(inode->i_cdev,
> > > > > > > > > >                                                 struct mmc_rpmb_data, chrdev);
> > > > > > > > > >
> > > > > > > > > > -     mmc_blk_put(rpmb->md);
> > > > > > > > > >       put_device(&rpmb->dev);
> > > > > > > > > >
> > > > > > > > > >       return 0;
> > > > > > > > > > @@ -2703,10 +2746,165 @@ static void mmc_blk_rpmb_device_release(struct device *dev)
> > > > > > > > > >  {
> > > > > > > > > >       struct mmc_rpmb_data *rpmb = dev_get_drvdata(dev);
> > > > > > > > > >
> > > > > > > > > > +     rpmb_dev_unregister(rpmb->rdev);
> > > > > > > > > > +     mmc_blk_put(rpmb->md);
> > > > > > > > > >       ida_simple_remove(&mmc_rpmb_ida, rpmb->id);
> > > > > > > > > >       kfree(rpmb);
> > > > > > > > > >  }
> > > > > > > > > >
> > > > > > > > > > +static void free_idata(struct mmc_blk_ioc_data **idata, unsigned int cmd_count)
> > > > > > > > > > +{
> > > > > > > > > > +     unsigned int n;
> > > > > > > > > > +
> > > > > > > > > > +     for (n = 0; n < cmd_count; n++)
> > > > > > > > > > +             kfree(idata[n]);
> > > > > > > > > > +     kfree(idata);
> > > > > > > > > > +}
> > > > > > > > > > +
> > > > > > > > > > +static struct mmc_blk_ioc_data **alloc_idata(struct mmc_rpmb_data *rpmb,
> > > > > > > > > > +                                          unsigned int cmd_count)
> > > > > > > > > > +{
> > > > > > > > > > +     struct mmc_blk_ioc_data **idata;
> > > > > > > > > > +     unsigned int n;
> > > > > > > > > > +
> > > > > > > > > > +     idata = kcalloc(cmd_count, sizeof(*idata), GFP_KERNEL);
> > > > > > > > > > +     if (!idata)
> > > > > > > > > > +             return NULL;
> > > > > > > > > > +     for (n = 0; n < cmd_count; n++) {
> > > > > > > > > > +             idata[n] = kcalloc(1, sizeof(**idata), GFP_KERNEL);
> > > > > > > > > > +             if (!idata[n]) {
> > > > > > > > > > +                     free_idata(idata, n);
> > > > > > > > > > +                     return NULL;
> > > > > > > > > > +             }
> > > > > > > > > > +             idata[n]->rpmb = rpmb;
> > > > > > > > > > +     }
> > > > > > > > > > +
> > > > > > > > > > +     return idata;
> > > > > > > > > > +}
> > > > > > > > > > +
> > > > > > > > > > +static void set_idata(struct mmc_blk_ioc_data *idata, u32 opcode,
> > > > > > > > > > +                   int write_flag, u8 *buf, unsigned int buf_bytes)
> > > > > > > > > > +{
> > > > > > > > > > +     /*
> > > > > > > > > > +      * The size of an RPMB frame must match what's expected by the
> > > > > > > > > > +      * hardware.
> > > > > > > > > > +      */
> > > > > > > > > > +     BUILD_BUG_ON(sizeof(struct rpmb_frame) != 512);
> > > > > > > > > > +
> > > > > > > > > > +     idata->ic.opcode = opcode;
> > > > > > > > > > +     idata->ic.flags = MMC_RSP_R1 | MMC_CMD_ADTC;
> > > > > > > > > > +     idata->ic.write_flag = write_flag;
> > > > > > > > > > +     idata->ic.blksz = sizeof(struct rpmb_frame);
> > > > > > > > > > +     idata->ic.blocks = buf_bytes /  idata->ic.blksz;
> > > > > > > > > > +     idata->buf = buf;
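
Review bot: in set_idata(), idata->ic.blocks = buf_bytes / idata->ic.blksz
truncates silently: a buf_bytes that is not a multiple of 512 loses its
tail, and anything below 512 yields a zero-block transfer. The function
returns void, so either document that the caller must pass a whole number
of frames or return an error when buf_bytes % sizeof(struct rpmb_frame) is
non-zero. buf is also stored in idata->buf unchanged, so any requirement
the host controller has on the data buffer falls on the caller and should
be stated in the comment. There is a stray double space after the '/'.
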
> > > > > > > > >
> > > > > > > > > I tested the series on an i.MX8MM with an eMMC connected via the imx-sdhci
> > > > > > > > > controller. Reading from RPMB does not work. It ends in timeouts due to
> > > > > > > > > no response from the SDHCI controller.
> > > > > > > > >
> > > > > > > > > If idata->buf is allocated here with kmalloc(buf_bytes, GFP_KERNEL) and
> > > > > > > > > the content of buf is copied to the new allocated area, transfers succeed.
> > > > > > > > >
> > > > > > > > > Is it possible that idata->buf is not DMA capable? Any other ideas?
> > > > > > > >
> > > > > > > > Thanks for testing. I don't know, the idata->buf is allocated using
> > > > > > > > alloc_pages_exact(nr_pages * PAGE_SIZE, GFP_KERNEL | __GFP_ZERO); in
> > > > > > > > optee_pool_op_alloc_helper().
> > > > > > >
> > > > > > > Is this really true for idata->buf or isn't the complete RPMB frame memory
> > > > > > > allocated like this and therefore idata->buf not page aligned?
> > > > > >
> > > > > > You're right.
> > > > > >
> > > > > > >
> > > > > > > For RPMB via tee-supplicant the idata->buf is allocated within memdup_user
> > > > > > > and therefore page aligned.
> > > > > >
> > > > > > Yes, that's a difference. Have you tested with page-aligned buffers to
> > > > > > see if it helps?
> > > > >
> > > > > Yes, this helps. I tested with the following patch, but probably it can also
> > > > > be solved during frame allocation in optee?
> > > >
> > > > Great, thanks for confirming. Yes, we should fix that in the secure world.
> > >
> > > I've pushed an update to
> > > https://github.com/jenswi-linaro/optee_os/tree/rpmb_probe
> >
> > Thanks for taking care. I applied the additional patch
> >
> > https://github.com/OP-TEE/optee_os/commit/cdbe8d149f1eed62bc8ef9137d208858bb7691d8.patch
> >
> > to optee_os and removed the kmalloc dynalloc hack mentioned before from the
> > kernel.
> >
> > The issue persists, please see below.
> 
> So it's not the alignment that is the problem. We need to understand
> this problem better before adding workarounds. If I'm not mistaken,
> alloc_pages_exact() and kmalloc() are supposed to provide DMAable
> memory. Could this be a symptom of some other error in your system?

It seems to be still the alignment problem. With a debug print
to print the address in the linux kernel alloc_helper:

+++ b/drivers/tee/optee/core.c
@@ -42,6 +42,7 @@ int optee_pool_op_alloc_helper(struct tee_shm_pool *pool, struct tee_shm *shm,
                return -ENOMEM;

        shm->paddr = virt_to_phys(shm->kaddr);
+       printk(KERN_ERR "%s: phys: %p virt: %p", __func__, shm->paddr, shm->kaddr);
        shm->size = nr_pages * PAGE_SIZE;
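
Review bot: the added printk() formats both values with %p, and the kernel
prints %p pointers hashed by default, so the numbers that end up in the log
cannot be used to judge alignment. shm->paddr is also a physical address
rather than a pointer; the printk format for phys_addr_t is %pa, passed by
reference (&shm->paddr). For a throwaway debug print, %px shows shm->kaddr
unmodified. The format string has no trailing "\n".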

in optee_os:

--- a/core/tee/tee_rpmb_fs.c
+++ b/core/tee/tee_rpmb_fs.c
@@ -438,6 +438,7 @@ static TEE_Result tee_rpmb_alloc(size_t req_size, size_t resp_size,

        *req = mobj_get_va(mem->mobj, 0, req_s);
        *resp = mobj_get_va(mem->mobj, req_s, resp_s);
+       EMSG("RPMB req: %p resp: %p", *req, *resp);
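
Review bot: the EMSG() added after the two mobj_get_va() calls logs
secure-world virtual addresses, which cannot be compared directly with the
addresses the Linux side prints for the same memory. Since *resp is taken
at offset req_s into the same mobj, its alignment depends on req_s;
logging req_s and resp_s next to the pointers would show directly whether
the response area starts on a page boundary.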


and in the kernel if PAGE_ALIGNED is not true in mmc frame routing:


@@ -2801,9 +2803,24 @@ static void set_idata(struct mmc_blk_ioc_data *idata, u32 opcode,
        idata->ic.blksz = sizeof(struct rpmb_frame);
        idata->ic.blocks = buf_bytes /  idata->ic.blksz;
        idata->buf = buf;
+       if (!PAGE_ALIGNED(idata->buf)) {
+           printk(KERN_ERR "RPMB FRAME IS NOT PAGE ALIGNED: %p", idata->buf);
+       }
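
Review bot: PAGE_ALIGNED(idata->buf) is evaluated on the real pointer, so
the message firing is reliable, but the value printed with %p is not the
buffer address. Printing offset_in_page(idata->buf) instead would show how
far into the page the frame starts, which is what this check is after. The
braces around the single printk() are not needed in kernel style.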


it looks strange to me:

[   20.976798] optee_pool_op_alloc_helper: phys: 000000006e87bb2a virt: 00000000c90be80d
E/TC:? 0 tee_rpmb_alloc:441 RPMB req: 0xbbe01000 resp: 0xbbe02000
[   20.983028] RPMB FRAME IS NOT PAGE ALIGNED: 000000000160f4bd

I will try to understand what is going on..

Thanks,
Manuel

> > E/TC:? 0
> > E/TC:? 0 TA panicked with code 0xffff0006
> > [   18.661761] mmc0: Timeout waiting for hardware interrupt.
> > [   18.661776] mmc0: sdhci: ============ SDHCI REGISTER DUMP ===========
> > E/LD:  Status of TA bc50d971-d4c9-42c4-82cb-343fb7f37896
> > E/LD:   arch: arm
> > E/LD:  region  0: va 0x40005000 pa 0xbe81b000 size 0x002000 flags rw-s (ldelf)
> > E/LD:  region  1: va 0x40007000 pa 0xbe81d000 size 0x008000 flags r-xs (ldelf)
> > E/LD:  region  2: va 0x4000f000 pa 0xbe825000 size 0x001000 flags rw-s (ldelf)
> > E/LD:  region  3: va 0x40010000 pa 0xbe826000 size 0x004000 flags rw-s (ldelf)
> > E/LD:  region  4: va 0x40014000 pa 0xbe82a000 size 0x001000 flags r--s
> > E/LD:  region  5: va 0x40015000 pa 0xbe88b000 size 0x011000 flags rw-s (stack)
> > E/LD:  region  6: va 0x40026000 pa 0x534f8000 size 0x002000 flags rw-- (param)
> > E/LD:  region  7: va 0x40035000 pa 0x00001000 size 0x042000 flags r-xs [0]
> > E/LD:  region  8: va 0x40077000 pa 0x00043000 size 0x01e000 flags rw-s [0]
> > E/LD:   [0] bc50d971-d4c9-42c4-82cb-343fb7f37896 @ 0x40035000
> > E/LD:  Call stack:
> > E/LD:   0x40064d48
> > E/LD:   0x40060c17
> > E/LD:   0x40037d81
> > E/LD:   0x40038223
> > E/LD:   0x4004d343
> > E/LD:   0x4005d52d
> > E/LD:   0x4003885f
> > E/LD:   0x40064cd9
> > E/LD:   0x4006a8a3
> > E/LD:   0x4005d68c
> > [   18.661782] mmc0: sdhci: Sys addr:  0x00000008 | Version:  0x00000002
> > [   18.661790] mmc0: sdhci: Blk size:  0x00000200 | Blk cnt:  0x00000006
> > [   18.661796] mmc0: sdhci: Argument:  0x00000000 | Trn mode: 0x0000003b
> > [   18.661802] mmc0: sdhci: Present:   0x01088a8e | Host ctl: 0x00000031
> > [   18.661808] mmc0: sdhci: Power:     0x00000002 | Blk gap:  0x00000080
> > [   18.661814] mmc0: sdhci: Wake-up:   0x00000008 | Clock:    0x0000000f
> > [   18.661820] mmc0: sdhci: Timeout:   0x0000008f | Int stat: 0x00000000
> > [   18.661825] mmc0: sdhci: Int enab:  0x117f100b | Sig enab: 0x117f100b
> > [   18.661831] mmc0: sdhci: ACmd stat: 0x00000000 | Slot int: 0x00000502
> > [   18.661837] mmc0: sdhci: Caps:      0x07eb0000 | Caps_1:   0x0000b407
> > [   18.661842] mmc0: sdhci: Cmd:       0x0000123a | Max curr: 0x00ffffff
> > [   18.661848] mmc0: sdhci: Resp[0]:   0x00000900 | Resp[1]:  0xffffffff
> > [   18.661856] mmc0: sdhci: Resp[2]:   0x328f5903 | Resp[3]:  0x00000900
> > [   18.661862] mmc0: sdhci: Host ctl2: 0x00000008
> > [   18.661868] mmc0: sdhci: ADMA Err:  0x00000007 | ADMA Ptr: 0x412c0200
> > [   18.661874] mmc0: sdhci-esdhc-imx: ========= ESDHC IMX DEBUG STATUS DUMP =========
> > [   18.661879] mmc0: sdhci-esdhc-imx: cmd debug status:  0x2120
> > [   18.661885] mmc0: sdhci-esdhc-imx: data debug status:  0x22d0
> > [   18.661893] mmc0: sdhci-esdhc-imx: trans debug status:  0x23c0
> > [   18.661900] mmc0: sdhci-esdhc-imx: dma debug status:  0x2400
> > [   18.661907] mmc0: sdhci-esdhc-imx: adma debug status:  0x25b4
> > [   18.661915] mmc0: sdhci-esdhc-imx: fifo debug status:  0x2650
> > [   18.661922] mmc0: sdhci-esdhc-imx: async fifo debug status:  0x2760
> > [   18.661929] mmc0: sdhci: ============================================
> > [   18.662615] sdhci-esdhc-imx 30b40000.mmc: __mmc_blk_ioctl_cmd: data error -110
> > [   18.772374] tpm tpm0: ftpm_tee_tpm_op_send: SUBMIT_COMMAND invoke error: 0xffff3024
> > [   18.772393] tpm tpm0: tpm_try_transmit: send(): error -53212
> > [   18.772447] tpm tpm0: ftpm_tee_tpm_op_send: SUBMIT_COMMAND invoke error: 0xffff3024
> > [   18.772455] tpm tpm0: tpm_try_transmit: send(): error -53212
> > [   18.772465] ftpm-tee tpm: ftpm_tee_probe: tpm_chip_register failed with rc=-53212
> > [   18.772545] ftpm-tee: probe of tpm failed with error -53212
> > [   19.430011] caam_jr 30902000.jr: 20000254: CCB: desc idx 2: RNG: Not instantiated
> > [   28.901794] mmc0: Timeout waiting for hardware interrupt.
> > [  *** ] (1 of 2) Job dev-tpmrm0.device/start running (37s / 1min 30s)
> > [ ***  ] (2 of 2) Job dev-tpm0.device/start running (47s / 1min 30s)
> > [ ***  ] (2 of 2) Job dev-tpm0.device/start
> >
> 

^ permalink raw reply	[flat|nested] 26+ messages in thread
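
The alignment question in the message above, as an added example that is not part of the thread, the kernel or OP-TEE: a userspace C model of the 512-byte frame from the quoted patch that reports, for a frame buffer, the block count, the buffer's offset within its page and the request type of its first frame. The ex_ names, the 4 KiB page size and the sample buffer are assumptions constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define EX_PAGE_SIZE   4096u /* assumption: 4 KiB pages */
#define RPMB_READ_DATA 0x4   /* request type value from the quoted patch */

/*
 * Userspace mirror of the struct rpmb_frame quoted in the thread. The
 * big-endian fields are byte arrays here and are decoded explicitly, so
 * the layout has no padding and no host-endianness dependency.
 */
struct ex_rpmb_frame {
	uint8_t stuff[196];
	uint8_t key_mac[32];
	uint8_t data[256];
	uint8_t nonce[16];
	uint8_t write_counter[4];
	uint8_t addr[2];
	uint8_t block_count[2];
	uint8_t result[2];
	uint8_t req_resp[2];
};
_Static_assert(sizeof(struct ex_rpmb_frame) == 512, "frame must be 512 bytes");

struct ex_buf_info {
	int valid;                /* 0: NULL or not a whole number of frames */
	unsigned int blocks;      /* frames in the buffer */
	unsigned int page_offset; /* where in its page the buffer starts */
	int page_aligned;
	uint16_t req_resp;        /* type field of the first frame */
};

/* Constructed, page-aligned stand-in for the shared request/response memory. */
static _Alignas(4096) uint8_t ex_shm[2 * EX_PAGE_SIZE];

static uint16_t ex_get_be16(const uint8_t *p)
{
	return (uint16_t)((p[0] << 8) | p[1]);
}

static void ex_put_be16(uint8_t *p, uint16_t v)
{
	p[0] = (uint8_t)(v >> 8);
	p[1] = (uint8_t)(v & 0xff);
}

size_t ex_round_up_page(size_t n)
{
	return (n + EX_PAGE_SIZE - 1) / EX_PAGE_SIZE * EX_PAGE_SIZE;
}

/* Checks a frame buffer the way a caller would before handing it on. */
struct ex_buf_info ex_check_frame_buf(const uint8_t *buf, size_t buf_bytes)
{
	struct ex_buf_info info = { 0 };
	const struct ex_rpmb_frame *f = (const struct ex_rpmb_frame *)buf;

	if (!buf || buf_bytes == 0 || buf_bytes % sizeof(*f) != 0)
		return info; /* reject instead of truncating the division */
	info.valid = 1;
	info.blocks = (unsigned int)(buf_bytes / sizeof(*f));
	info.page_offset = (unsigned int)((uintptr_t)buf % EX_PAGE_SIZE);
	info.page_aligned = info.page_offset == 0;
	info.req_resp = ex_get_be16(f->req_resp);
	return info;
}

/*
 * Constructed sample layout: one READ_DATA request frame at offset 0 and
 * the response area at resp_off inside the same allocation. Returns the
 * start of the response area, or NULL if resp_off is out of range.
 */
uint8_t *ex_layout(size_t resp_off)
{
	struct ex_rpmb_frame *req = (struct ex_rpmb_frame *)ex_shm;

	if (resp_off >= sizeof(ex_shm))
		return NULL;
	memset(ex_shm, 0, sizeof(ex_shm));
	ex_put_be16(req->req_resp, RPMB_READ_DATA);
	ex_put_be16(req->block_count, 1);
	return ex_shm + resp_off;
}

int main(void)
{
	size_t req_bytes = sizeof(struct ex_rpmb_frame);
	size_t offs[2] = { req_bytes, ex_round_up_page(req_bytes) };

	for (int i = 0; i < 2; i++) {
		struct ex_buf_info r =
			ex_check_frame_buf(ex_layout(offs[i]), 2 * req_bytes);

		printf("resp at +%zu: blocks=%u page_offset=%u aligned=%d\n",
		       offs[i], r.blocks, r.page_offset, r.page_aligned);
	}
	return 0;
}
```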

* Re: [PATCH v5 3/3] optee: probe RPMB device using RPMB subsystem
  2024-04-26 13:40     ` Jens Wiklander
@ 2024-05-03 14:37       ` Manuel Traut
  2024-05-06  8:34         ` Jens Wiklander
  0 siblings, 1 reply; 26+ messages in thread
From: Manuel Traut @ 2024-05-03 14:37 UTC (permalink / raw)
  To: Jens Wiklander
  Cc: linux-kernel, linux-mmc, op-tee, Shyam Saini, Ulf Hansson,
	Linus Walleij, Jerome Forissier, Sumit Garg, Ilias Apalodimas,
	Bart Van Assche, Randy Dunlap, Ard Biesheuvel, Arnd Bergmann,
	Greg Kroah-Hartman

On Fri, Apr 26, 2024 at 03:40:50PM +0200, Jens Wiklander wrote:
> On Thu, Apr 25, 2024 at 11:13 AM Manuel Traut <manut@mecka.net> wrote:
> >
> > On Mon, Apr 22, 2024 at 11:19:36AM +0200, Jens Wiklander wrote:
> > > Adds support in the OP-TEE drivers (both SMC and FF-A ABIs) to probe and
> > > use an RPMB device via the RPMB subsystem instead of passing the RPMB
> > > frames via tee-supplicant in user space. A fallback mechanism is kept to
> > > route RPMB frames via tee-supplicant if the RPMB subsystem isn't
> > > available.
> > >
> > > The OP-TEE RPC ABI is extended to support iterating over all RPMB
> > > devices until one is found with the expected RPMB key already
> > > programmed.
> >
> > I tested this with fTPM running as built-in TA in optee_os.
> > The first user of the TA is u-boot. u-boot handles the RPMB requests.
> >
> > If the tpm-ftpm-tee kernel driver gets probed it triggers also some
> > RPMB requests. However they are not handled by the new RPMB subsystem.
> >
> > I did some workaround (see below) but I guess this is no good solution.
> > Need to think longer about this..
> 
> That's interesting. Again, thanks for testing.
> 
> >
> > > Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
> > > ---
> > >  drivers/tee/optee/core.c          |  30 ++++
> > >  drivers/tee/optee/device.c        |   7 +
> > >  drivers/tee/optee/ffa_abi.c       |   8 ++
> > >  drivers/tee/optee/optee_private.h |  21 ++-
> > >  drivers/tee/optee/optee_rpc_cmd.h |  35 +++++
> > >  drivers/tee/optee/rpc.c           | 232 ++++++++++++++++++++++++++++++
> > >  drivers/tee/optee/smc_abi.c       |   7 +
> > >  7 files changed, 339 insertions(+), 1 deletion(-)
> > >
> > > diff --git a/drivers/tee/optee/core.c b/drivers/tee/optee/core.c
> > > index 3aed554bc8d8..082691c10a90 100644
> > > --- a/drivers/tee/optee/core.c
> > > +++ b/drivers/tee/optee/core.c
> > > @@ -11,6 +11,7 @@
> > >  #include <linux/io.h>
> > >  #include <linux/mm.h>
> > >  #include <linux/module.h>
> > > +#include <linux/rpmb.h>
> > >  #include <linux/slab.h>
> > >  #include <linux/string.h>
> > >  #include <linux/tee_drv.h>
> > > @@ -80,6 +81,31 @@ void optee_pool_op_free_helper(struct tee_shm_pool *pool, struct tee_shm *shm,
> > >       shm->pages = NULL;
> > >  }
> > >
> > > +void optee_bus_scan_rpmb(struct work_struct *work)
> > > +{
> > > +     struct optee *optee = container_of(work, struct optee,
> > > +                                        rpmb_scan_bus_work);
> > > +     int ret;
> > > +
> > > +     if (!optee->rpmb_scan_bus_done) {
> > > +             ret = optee_enumerate_devices(PTA_CMD_GET_DEVICES_RPMB);
> > > +             optee->rpmb_scan_bus_done = !ret;
> > > +             if (ret && ret != -ENODEV)
> > > +                     pr_info("Scanning for RPMB device: ret %d\n", ret);
> > > +     }
> > > +}
> > > +
> > > +int optee_rpmb_intf_rdev(struct notifier_block *intf, unsigned long action,
> > > +                      void *data)
> > > +{
> > > +     struct optee *optee = container_of(intf, struct optee, rpmb_intf);
> > > +
> > > +     if (action == RPMB_NOTIFY_ADD_DEVICE)
> > > +             schedule_work(&optee->rpmb_scan_bus_work);
> > > +
> > > +     return 0;
> > > +}
> > > +
> > >  static void optee_bus_scan(struct work_struct *work)
> > >  {
> > >       WARN_ON(optee_enumerate_devices(PTA_CMD_GET_DEVICES_SUPP));
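
Review bot: optee_rpmb_intf_rdev() is a notifier callback but ends in
return 0; notifier callbacks conventionally return one of the NOTIFY_*
codes, and NOTIFY_DONE or NOTIFY_OK would make the intent explicit. In
optee_bus_scan_rpmb() the failure branch logs with pr_info(); a scan that
fails with something other than -ENODEV is an error and would be easier to
find at pr_warn() or pr_err() level. The data argument is unused, which
deserves a comment if the added device is deliberately ignored in favour
of a full rescan.
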
> > > @@ -161,6 +187,8 @@ void optee_release_supp(struct tee_context *ctx)
> > >
> > >  void optee_remove_common(struct optee *optee)
> > >  {
> > > +     rpmb_interface_unregister(&optee->rpmb_intf);
> > > +     cancel_work_sync(&optee->rpmb_scan_bus_work);
> > >       /* Unregister OP-TEE specific client devices on TEE bus */
> > >       optee_unregister_devices();
> > >
> > > @@ -177,6 +205,8 @@ void optee_remove_common(struct optee *optee)
> > >       tee_shm_pool_free(optee->pool);
> > >       optee_supp_uninit(&optee->supp);
> > >       mutex_destroy(&optee->call_queue.mutex);
> > > +     rpmb_dev_put(optee->rpmb_dev);
> > > +     mutex_destroy(&optee->rpmb_dev_mutex);
> > >  }
> > >
> > >  static int smc_abi_rc;
> > > diff --git a/drivers/tee/optee/device.c b/drivers/tee/optee/device.c
> > > index 4b1092127694..4274876857c8 100644
> > > --- a/drivers/tee/optee/device.c
> > > +++ b/drivers/tee/optee/device.c
> > > @@ -43,6 +43,13 @@ static int get_devices(struct tee_context *ctx, u32 session,
> > >       ret = tee_client_invoke_func(ctx, &inv_arg, param);
> > >       if ((ret < 0) || ((inv_arg.ret != TEEC_SUCCESS) &&
> > >                         (inv_arg.ret != TEEC_ERROR_SHORT_BUFFER))) {
> > > +             /*
> > > +              * TEE_ERROR_STORAGE_NOT_AVAILABLE is returned when getting
> > > +              * the list of device TAs that depends on RPMB but a usable
> > > +              * RPMB device isn't found.
> > > +              */
> > > +             if (inv_arg.ret == TEE_ERROR_STORAGE_NOT_AVAILABLE)
> > > +                     return -ENODEV;
> > >               pr_err("PTA_CMD_GET_DEVICES invoke function err: %x\n",
> > >                      inv_arg.ret);
> > >               return -EINVAL;
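Review bot: The new TEE_ERROR_STORAGE_NOT_AVAILABLE check sits inside a branch that is also taken when ret < 0, and inv_arg.ret is only meaningful when the invoke itself succeeded. Consider testing `!ret && inv_arg.ret == TEE_ERROR_STORAGE_NOT_AVAILABLE` so that a failure of tee_client_invoke_func() can never be turned into -ENODEV, a value that optee_bus_scan_rpmb() deliberately does not log. Nit in the comment: "device TAs that depends on RPMB" should read "depend".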
> > > diff --git a/drivers/tee/optee/ffa_abi.c b/drivers/tee/optee/ffa_abi.c
> > > index ecb5eb079408..a8dfdb30b4e8 100644
> > > --- a/drivers/tee/optee/ffa_abi.c
> > > +++ b/drivers/tee/optee/ffa_abi.c
> > > @@ -7,6 +7,7 @@
> > >
> > >  #include <linux/arm_ffa.h>
> > >  #include <linux/errno.h>
> > > +#include <linux/rpmb.h>
> > >  #include <linux/scatterlist.h>
> > >  #include <linux/sched.h>
> > >  #include <linux/slab.h>
> > > @@ -934,6 +935,7 @@ static int optee_ffa_probe(struct ffa_device *ffa_dev)
> > >       optee_cq_init(&optee->call_queue, 0);
> > >       optee_supp_init(&optee->supp);
> > >       optee_shm_arg_cache_init(optee, arg_cache_flags);
> > > +     mutex_init(&optee->rpmb_dev_mutex);
> > >       ffa_dev_set_drvdata(ffa_dev, optee);
> > >       ctx = teedev_open(optee->teedev);
> > >       if (IS_ERR(ctx)) {
> > > @@ -955,6 +957,9 @@ static int optee_ffa_probe(struct ffa_device *ffa_dev)
> > >       if (rc)
> > >               goto err_unregister_devices;
> > >
> > > +     INIT_WORK(&optee->rpmb_scan_bus_work, optee_bus_scan_rpmb);
> > > +     optee->rpmb_intf.notifier_call = optee_rpmb_intf_rdev;
> > > +     rpmb_interface_register(&optee->rpmb_intf);
> > >       pr_info("initialized driver\n");
> > >       return 0;
> > >
> > > @@ -968,6 +973,9 @@ static int optee_ffa_probe(struct ffa_device *ffa_dev)
> > >       teedev_close_context(ctx);
> > >  err_rhashtable_free:
> > >       rhashtable_free_and_destroy(&optee->ffa.global_ids, rh_free_fn, NULL);
> > > +     rpmb_dev_put(optee->rpmb_dev);
> > > +     mutex_destroy(&optee->rpmb_dev_mutex);
> > > +     rpmb_interface_unregister(&optee->rpmb_intf);
> > >       optee_supp_uninit(&optee->supp);
> > >       mutex_destroy(&optee->call_queue.mutex);
> > >       mutex_destroy(&optee->ffa.mutex);
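Review bot: Under err_rhashtable_free the error path calls rpmb_interface_unregister(), but rpmb_interface_register() is the last step before `return 0` in the previous hunk, so no failure can reach this label with the notifier registered. Drop the unregister here, or move the registration earlier and give it its own unwind label. The matching error path in smc_abi.c only does rpmb_dev_put() and mutex_destroy(), and the two probe functions should unwind the same way.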
> > > diff --git a/drivers/tee/optee/optee_private.h b/drivers/tee/optee/optee_private.h
> > > index 7a5243c78b55..ae72f3dda1d2 100644
> > > --- a/drivers/tee/optee/optee_private.h
> > > +++ b/drivers/tee/optee/optee_private.h
> > > @@ -8,6 +8,7 @@
> > >
> > >  #include <linux/arm-smccc.h>
> > >  #include <linux/rhashtable.h>
> > > +#include <linux/rpmb.h>
> > >  #include <linux/semaphore.h>
> > >  #include <linux/tee_drv.h>
> > >  #include <linux/types.h>
> > > @@ -20,11 +21,13 @@
> > >  /* Some Global Platform error codes used in this driver */
> > >  #define TEEC_SUCCESS                 0x00000000
> > >  #define TEEC_ERROR_BAD_PARAMETERS    0xFFFF0006
> > > +#define TEEC_ERROR_ITEM_NOT_FOUND    0xFFFF0008
> > >  #define TEEC_ERROR_NOT_SUPPORTED     0xFFFF000A
> > >  #define TEEC_ERROR_COMMUNICATION     0xFFFF000E
> > >  #define TEEC_ERROR_OUT_OF_MEMORY     0xFFFF000C
> > >  #define TEEC_ERROR_BUSY                      0xFFFF000D
> > >  #define TEEC_ERROR_SHORT_BUFFER              0xFFFF0010
> > > +#define TEE_ERROR_STORAGE_NOT_AVAILABLE 0xF0100003
> > >
> > >  #define TEEC_ORIGIN_COMMS            0x00000002
> > >
> > > @@ -197,6 +200,12 @@ struct optee_ops {
> > >   * @notif:           notification synchronization struct
> > >   * @supp:            supplicant synchronization struct for RPC to supplicant
> > >   * @pool:            shared memory pool
> > > + * @mutex:           mutex protecting @rpmb_dev
> > > + * @rpmb_dev:                current RPMB device or NULL
> > > + * @rpmb_scan_bus_done       flag if device registation of RPMB dependent devices
> > > + *                   was already done
> > > + * @rpmb_scan_bus_work       workq to for an RPMB device and to scan optee bus
> > > + *                   and register RPMB dependent optee drivers
> > >   * @rpc_param_count: If > 0 number of RPC parameters to make room for
> > >   * @scan_bus_done    flag if device registation was already done.
> > >   * @scan_bus_work    workq to scan optee bus and register optee drivers
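Review bot: The kernel-doc added here does not match the members added to struct optee in the next hunk: `@mutex` documents a field that is actually named rpmb_dev_mutex, rpmb_intf has no entry at all, and `@rpmb_scan_bus_done` and `@rpmb_scan_bus_work` lack the trailing colon. Please also fix "registation" and the phrase "workq to for an RPMB device", which is missing its verb.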
> > > @@ -215,9 +224,15 @@ struct optee {
> > >       struct optee_notif notif;
> > >       struct optee_supp supp;
> > >       struct tee_shm_pool *pool;
> > > +     /* Protects rpmb_dev pointer */
> > > +     struct mutex rpmb_dev_mutex;
> > > +     struct rpmb_dev *rpmb_dev;
> > > +     struct notifier_block rpmb_intf;
> > >       unsigned int rpc_param_count;
> > > -     bool   scan_bus_done;
> > > +     bool scan_bus_done;
> > > +     bool rpmb_scan_bus_done;
> > >       struct work_struct scan_bus_work;
> > > +     struct work_struct rpmb_scan_bus_work;
> > >  };
> > >
> > >  struct optee_session {
> > > @@ -280,8 +295,12 @@ int optee_cancel_req(struct tee_context *ctx, u32 cancel_id, u32 session);
> > >
> > >  #define PTA_CMD_GET_DEVICES          0x0
> > >  #define PTA_CMD_GET_DEVICES_SUPP     0x1
> > > +#define PTA_CMD_GET_DEVICES_RPMB     0x2
> > >  int optee_enumerate_devices(u32 func);
> > >  void optee_unregister_devices(void);
> > > +void optee_bus_scan_rpmb(struct work_struct *work);
> > > +int optee_rpmb_intf_rdev(struct notifier_block *intf, unsigned long action,
> > > +                      void *data);
> > >
> > >  int optee_pool_op_alloc_helper(struct tee_shm_pool *pool, struct tee_shm *shm,
> > >                              size_t size, size_t align,
> > > diff --git a/drivers/tee/optee/optee_rpc_cmd.h b/drivers/tee/optee/optee_rpc_cmd.h
> > > index f3f06e0994a7..f351a8ac69fc 100644
> > > --- a/drivers/tee/optee/optee_rpc_cmd.h
> > > +++ b/drivers/tee/optee/optee_rpc_cmd.h
> > > @@ -16,6 +16,14 @@
> > >   * and sends responses.
> > >   */
> > >
> > > +/*
> > > + * Replay Protected Memory Block access
> > > + *
> > > + * [in]     memref[0]            Frames to device
> > > + * [out]    memref[1]            Frames from device
> > > + */
> > > +#define OPTEE_RPC_CMD_RPMB           1
> > > +
> > >  /*
> > >   * Get time
> > >   *
> > > @@ -103,4 +111,31 @@
> > >  /* I2C master control flags */
> > >  #define OPTEE_RPC_I2C_FLAGS_TEN_BIT  BIT(0)
> > >
> > > +/*
> > > + * Reset RPMB probing
> > > + *
> > > + * Releases an eventually already used RPMB devices and starts over searching
> > > + * for RPMB devices. Returns the kind of shared memory to use in subsequent
> > > + * OPTEE_RPC_CMD_RPMB_PROBE_NEXT and OPTEE_RPC_CMD_RPMB calls.
> > > + *
> > > + * [out]    value[0].a           OPTEE_RPC_SHM_TYPE_*, the parameter for
> > > + *                       OPTEE_RPC_CMD_SHM_ALLOC
> > > + */
> > > +#define OPTEE_RPC_CMD_RPMB_PROBE_RESET       22
> > > +
> > > +/*
> > > + * Probe next RPMB device
> > > + *
> > > + * [out]    value[0].a           Type of RPMB device, OPTEE_RPC_RPMB_*
> > > + * [out]    value[0].b           EXT CSD-slice 168 "RPMB Size"
> > > + * [out]    value[0].c           EXT CSD-slice 222 "Reliable Write Sector Count"
> > > + * [out]    memref[1]       Buffer with the raw CID
> > > + */
> > > +#define OPTEE_RPC_CMD_RPMB_PROBE_NEXT        23
> > > +
> > > +/* Type of RPMB device */
> > > +#define OPTEE_RPC_RPMB_EMMC          0
> > > +#define OPTEE_RPC_RPMB_UFS           1
> > > +#define OPTEE_RPC_RPMB_NVME          2
> > > +
> > >  #endif /*__OPTEE_RPC_CMD_H*/
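Review bot: The OPTEE_RPC_CMD_RPMB_PROBE_NEXT comment describes value[0].b, value[0].c and memref[1] purely in eMMC terms (EXT CSD slices 168 and 222, raw CID), although value[0].a can also report OPTEE_RPC_RPMB_UFS or OPTEE_RPC_RPMB_NVME. Please document what the secure world should expect in those fields for the other device types, and state the minimum memref[1] size, since the handler returns TEEC_ERROR_SHORT_BUFFER when the buffer is too small. In the PROBE_RESET comment, "Releases an eventually already used RPMB devices" is hard to parse; something like "Releases any RPMB device already in use" would be clearer.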
> > > diff --git a/drivers/tee/optee/rpc.c b/drivers/tee/optee/rpc.c
> > > index e69bc6380683..a3e4c1830f39 100644
> > > --- a/drivers/tee/optee/rpc.c
> > > +++ b/drivers/tee/optee/rpc.c
> > > @@ -7,6 +7,7 @@
> > >
> > >  #include <linux/delay.h>
> > >  #include <linux/i2c.h>
> > > +#include <linux/rpmb.h>
> > >  #include <linux/slab.h>
> > >  #include <linux/tee_drv.h>
> > >  #include "optee_private.h"
> > > @@ -255,6 +256,228 @@ void optee_rpc_cmd_free_suppl(struct tee_context *ctx, struct tee_shm *shm)
> > >       optee_supp_thrd_req(ctx, OPTEE_RPC_CMD_SHM_FREE, 1, &param);
> > >  }
> > >
> > > +static void handle_rpc_func_rpmb_probe_reset(struct tee_context *ctx,
> > > +                                          struct optee *optee,
> > > +                                          struct optee_msg_arg *arg)
> > > +{
> > > +     struct tee_param params[1];
> > > +
> > > +     if (!IS_ENABLED(CONFIG_RPMB)) {
> > > +             handle_rpc_supp_cmd(ctx, optee, arg);
> > > +             return;
> > > +     }
> > > +
> > > +     if (arg->num_params != ARRAY_SIZE(params) ||
> > > +         optee->ops->from_msg_param(optee, params, arg->num_params,
> > > +                                    arg->params) ||
> > > +         params[0].attr != TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_OUTPUT) {
> > > +             arg->ret = TEEC_ERROR_BAD_PARAMETERS;
> > > +             return;
> > > +     }
> > > +
> > > +     params[0].u.value.a = OPTEE_RPC_SHM_TYPE_KERNEL;
> > > +     params[0].u.value.b = 0;
> > > +     params[0].u.value.c = 0;
> > > +     if (optee->ops->to_msg_param(optee, arg->params,
> > > +                                  arg->num_params, params)) {
> > > +             arg->ret = TEEC_ERROR_BAD_PARAMETERS;
> > > +             return;
> > > +     }
> > > +
> > > +     mutex_lock(&optee->rpmb_dev_mutex);
> > > +     rpmb_dev_put(optee->rpmb_dev);
> > > +     optee->rpmb_dev = NULL;
> > > +     mutex_unlock(&optee->rpmb_dev_mutex);
> > > +
> > > +     arg->ret = TEEC_SUCCESS;
> > > +}
> > > +
> > > +static int rpmb_type_to_rpc_type(enum rpmb_type rtype)
> > > +{
> > > +     switch (rtype) {
> > > +     case RPMB_TYPE_EMMC:
> > > +             return OPTEE_RPC_RPMB_EMMC;
> > > +     case RPMB_TYPE_UFS:
> > > +             return OPTEE_RPC_RPMB_UFS;
> > > +     case RPMB_TYPE_NVME:
> > > +             return OPTEE_RPC_RPMB_NVME;
> > > +     default:
> > > +             return -1;
> > > +     }
> > > +}
> > > +
> > > +static int rpc_rpmb_match(struct rpmb_dev *rdev, const void *data)
> > > +{
> > > +     return rpmb_type_to_rpc_type(rdev->descr.type) >= 0;
> > > +}
> > > +
> > > +static void handle_rpc_func_rpmb_probe_next(struct tee_context *ctx,
> > > +                                         struct optee *optee,
> > > +                                         struct optee_msg_arg *arg)
> > > +{
> > > +     struct rpmb_dev *rdev;
> > > +     struct tee_param params[2];
> > > +     void *buf;
> > > +
> > > +     if (!IS_REACHABLE(CONFIG_RPMB)) {
> > > +             handle_rpc_supp_cmd(ctx, optee, arg);
> > > +             return;
> > > +     }
> > > +
> > > +     if (arg->num_params != ARRAY_SIZE(params) ||
> > > +         optee->ops->from_msg_param(optee, params, arg->num_params,
> > > +                                    arg->params) ||
> > > +         params[0].attr != TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_OUTPUT ||
> > > +         params[1].attr != TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT) {
> > > +             arg->ret = TEEC_ERROR_BAD_PARAMETERS;
> > > +             return;
> > > +     }
> > > +     buf = tee_shm_get_va(params[1].u.memref.shm,
> > > +                          params[1].u.memref.shm_offs);
> > > +     if (!buf) {
> > > +             arg->ret = TEEC_ERROR_BAD_PARAMETERS;
> > > +             return;
> > > +     }
> > > +
> > > +     mutex_lock(&optee->rpmb_dev_mutex);
> > > +     rdev = rpmb_dev_find_device(NULL, optee->rpmb_dev, rpc_rpmb_match);
> > > +     rpmb_dev_put(optee->rpmb_dev);
> > > +     optee->rpmb_dev = rdev;
> > > +     mutex_unlock(&optee->rpmb_dev_mutex);
> > > +
> > > +     if (!rdev) {
> > > +             arg->ret = TEEC_ERROR_ITEM_NOT_FOUND;
> > > +             return;
> > > +     }
> > > +
> > > +     if (params[1].u.memref.size < rdev->descr.dev_id_len) {
> > > +             arg->ret = TEEC_ERROR_SHORT_BUFFER;
> > > +             return;
> > > +     }
> > > +     memcpy(buf, rdev->descr.dev_id, rdev->descr.dev_id_len);
> > > +     params[1].u.memref.size = rdev->descr.dev_id_len;
> > > +     params[0].u.value.a = rpmb_type_to_rpc_type(rdev->descr.type);
> > > +     params[0].u.value.b = rdev->descr.capacity;
> > > +     params[0].u.value.c = rdev->descr.reliable_wr_count;
> > > +     if (optee->ops->to_msg_param(optee, arg->params,
> > > +                                  arg->num_params, params)) {
> > > +             arg->ret = TEEC_ERROR_BAD_PARAMETERS;
> > > +             return;
> > > +     }
> > > +
> > > +     arg->ret = TEEC_SUCCESS;
> > > +}
> > > +
> > > +/* Request */
> > > +struct rpmb_req {
> > > +     u16 cmd;
> > > +#define RPMB_CMD_DATA_REQ      0x00
> > > +#define RPMB_CMD_GET_DEV_INFO  0x01
> > > +     u16 dev_id;
> > > +     u16 block_count;
> > > +     /* Optional data frames (rpmb_data_frame) follow */
> > > +};
> > > +
> > > +#define RPMB_REQ_DATA(req) ((void *)((struct rpmb_req *)(req) + 1))

This is the root cause for the non page aligned buffer we discussed in

v5 2/3 mmc: block: register RPMB partition with the RPMB subsystem

> > > +
> > > +#define RPMB_CID_SZ 16
> > > +
> > > +/* Response to device info request */
> > > +struct rpmb_dev_info {
> > > +     u8 cid[RPMB_CID_SZ];
> > > +     u8 rpmb_size_mult;      /* RPMB size in units of 128kB */
> > > +     u8 reliable_wr_count;   /* RPMB write size in units of 256 bytes */
> > > +     u8 ret_code;
> > > +#define RPMB_CMD_GET_DEV_INFO_RET_OK     0x00
> > > +#define RPMB_CMD_GET_DEV_INFO_RET_ERROR  0x01
> > > +};
> > > +
> > > +static int get_dev_info(struct rpmb_dev *rdev, void *rsp, size_t rsp_size)
> > > +{
> > > +     struct rpmb_dev_info *dev_info;
> > > +
> > > +     if (rsp_size != sizeof(*dev_info))
> > > +             return TEEC_ERROR_BAD_PARAMETERS;
> > > +
> > > +     dev_info = rsp;
> > > +     memcpy(dev_info->cid, rdev->descr.dev_id, sizeof(dev_info->cid));
> > > +     dev_info->rpmb_size_mult = rdev->descr.capacity;
> > > +     dev_info->reliable_wr_count = rdev->descr.reliable_wr_count;
> > > +     dev_info->ret_code = RPMB_CMD_GET_DEV_INFO_RET_OK;
> > > +
> > > +     return TEEC_SUCCESS;
> > > +}
> > > +
> > > +/*
> > > + * req is one struct rpmb_req followed by one or more struct rpmb_data_frame
> > > + * rsp is either one struct rpmb_dev_info or one or more struct rpmb_data_frame
> > > + */
> > > +static u32 rpmb_process_request(struct optee *optee, struct rpmb_dev *rdev,
> > > +                             void *req, size_t req_size,
> > > +                             void *rsp, size_t rsp_size)
> > > +{
> > > +     struct rpmb_req *sreq = req;
> > > +     int rc;
> > > +
> > > +     if (req_size < sizeof(*sreq))
> > > +             return TEEC_ERROR_BAD_PARAMETERS;
> > > +
> > > +     switch (sreq->cmd) {
> > > +     case RPMB_CMD_DATA_REQ:
> > > +             rc = rpmb_route_frames(rdev, RPMB_REQ_DATA(req),
> > > +                                    req_size - sizeof(struct rpmb_req),
> > > +                                    rsp, rsp_size);
> > > +             if (rc)
> > > +                     return TEEC_ERROR_BAD_PARAMETERS;
> > > +             return TEEC_SUCCESS;
> > > +     case RPMB_CMD_GET_DEV_INFO:
> > > +             return get_dev_info(rdev, rsp, rsp_size);
> > > +     default:
> > > +             return TEEC_ERROR_BAD_PARAMETERS;
> > > +     }
> > > +}
> > > +
> > > +static void handle_rpc_func_rpmb(struct tee_context *ctx, struct optee *optee,
> > > +                              struct optee_msg_arg *arg)
> > > +{
> > > +     struct tee_param params[2];
> > > +     struct rpmb_dev *rdev;
> > > +     void *p0, *p1;
> > > +
> > > +     mutex_lock(&optee->rpmb_dev_mutex);
> > > +     rdev = rpmb_dev_get(optee->rpmb_dev);
> > > +     mutex_unlock(&optee->rpmb_dev_mutex);
> > > +     if (!rdev) {
> >         mutex_lock(&optee->rpmb_dev_mutex);
> >         rdev = rpmb_dev_find_device(NULL, optee->rpmb_dev, rpc_rpmb_match);
> >         rpmb_dev_put(optee->rpmb_dev);
> >         optee->rpmb_dev = rdev;
> >         mutex_unlock(&optee->rpmb_dev_mutex);
> >
> >         if (!rdev) {
> >             handle_rpc_supp_cmd(ctx, optee, arg);
> >             return;
> >         }
> > > + }
> >
> > In optee_os core/pta/device.c:invoke_cmd():
> >
> >     case PTA_CMD_GET_DEVICES_RPMB:
> > -           res = tee_rpmb_init();
> > +           res = tee_rpmb_reinit();
> >
> > With tee_rpmb_reinit implemented like this:
> >
> > TEE_Result tee_rpmb_reinit(void)
> > {
> >     TEE_Result res = rpmb_probe_reset();
> >     if (res) {
> >         if (res != TEE_ERROR_NOT_SUPPORTED)
> >             return res;
> >         return legacy_rpmb_init();
> >     }
> >     return tee_rpmb_init();
> > }
> 
> OP-TEE in the secure world could save the CID and reinitialize by
> searching for that specific device.
> 
> Thanks,
> Jens
> 
> >
> > > +     if (arg->num_params != ARRAY_SIZE(params) ||
> > > +         optee->ops->from_msg_param(optee, params, arg->num_params,
> > > +                                    arg->params) ||
> > > +         params[0].attr != TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INPUT ||
> > > +         params[1].attr != TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT) {
> > > +             arg->ret = TEEC_ERROR_BAD_PARAMETERS;
> > > +             goto out;
> > > +     }
> > > +
> > > +     p0 = tee_shm_get_va(params[0].u.memref.shm,
> > > +                         params[0].u.memref.shm_offs);
> > > +     p1 = tee_shm_get_va(params[1].u.memref.shm,
> > > +                         params[1].u.memref.shm_offs);
> > > +     arg->ret = rpmb_process_request(optee, rdev, p0,
> > > +                                     params[0].u.memref.size,
> > > +                                     p1, params[1].u.memref.size);
> > > +     if (arg->ret)
> > > +             goto out;
> > > +
> > > +     if (optee->ops->to_msg_param(optee, arg->params,
> > > +                                  arg->num_params, params))
> > > +             arg->ret = TEEC_ERROR_BAD_PARAMETERS;
> > > +out:
> > > +     rpmb_dev_put(rdev);
> > > +}
> > > +
> > >  void optee_rpc_cmd(struct tee_context *ctx, struct optee *optee,
> > >                  struct optee_msg_arg *arg)
> > >  {
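Review bot: get_dev_info() copies sizeof(dev_info->cid) (RPMB_CID_SZ, 16 bytes) from rdev->descr.dev_id without looking at rdev->descr.dev_id_len, so a device that registers a shorter identifier would be over-read into the response buffer handed back to the secure world. handle_rpc_func_rpmb_probe_next() already bounds its copy by dev_id_len, and this path should do the same (reject, or copy dev_id_len bytes and zero the rest). Other points in this hunk: handle_rpc_func_rpmb_probe_reset() tests IS_ENABLED(CONFIG_RPMB) while handle_rpc_func_rpmb_probe_next() tests IS_REACHABLE(CONFIG_RPMB), and the two should agree; handle_rpc_func_rpmb() passes p0 and p1 from tee_shm_get_va() on unchecked, where probe_next validates its buffer; and probe_next dereferences rdev->descr after dropping rpmb_dev_mutex without taking a reference of its own, so a concurrent probe reset could release the device underneath it. rpmb_process_request() also never uses its optee argument.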
> > > @@ -271,6 +494,15 @@ void optee_rpc_cmd(struct tee_context *ctx, struct optee *optee,
> > >       case OPTEE_RPC_CMD_I2C_TRANSFER:
> > >               handle_rpc_func_cmd_i2c_transfer(ctx, arg);
> > >               break;
> > > +     case OPTEE_RPC_CMD_RPMB_PROBE_RESET:
> > > +             handle_rpc_func_rpmb_probe_reset(ctx, optee, arg);
> > > +             break;
> > > +     case OPTEE_RPC_CMD_RPMB_PROBE_NEXT:
> > > +             handle_rpc_func_rpmb_probe_next(ctx, optee, arg);
> > > +             break;
> > > +     case OPTEE_RPC_CMD_RPMB:
> > > +             handle_rpc_func_rpmb(ctx, optee, arg);
> > > +             break;
> > >       default:
> > >               handle_rpc_supp_cmd(ctx, optee, arg);
> > >       }
> > > diff --git a/drivers/tee/optee/smc_abi.c b/drivers/tee/optee/smc_abi.c
> > > index a37f87087e5c..c23bcf35c8cb 100644
> > > --- a/drivers/tee/optee/smc_abi.c
> > > +++ b/drivers/tee/optee/smc_abi.c
> > > @@ -20,6 +20,7 @@
> > >  #include <linux/of_irq.h>
> > >  #include <linux/of_platform.h>
> > >  #include <linux/platform_device.h>
> > > +#include <linux/rpmb.h>
> > >  #include <linux/sched.h>
> > >  #include <linux/slab.h>
> > >  #include <linux/string.h>
> > > @@ -1715,6 +1716,7 @@ static int optee_probe(struct platform_device *pdev)
> > >       optee->smc.memremaped_shm = memremaped_shm;
> > >       optee->pool = pool;
> > >       optee_shm_arg_cache_init(optee, arg_cache_flags);
> > > +     mutex_init(&optee->rpmb_dev_mutex);
> > >
> > >       platform_set_drvdata(pdev, optee);
> > >       ctx = teedev_open(optee->teedev);
> > > @@ -1769,6 +1771,9 @@ static int optee_probe(struct platform_device *pdev)
> > >       if (rc)
> > >               goto err_disable_shm_cache;
> > >
> > > +     INIT_WORK(&optee->rpmb_scan_bus_work, optee_bus_scan_rpmb);
> > > +     optee->rpmb_intf.notifier_call = optee_rpmb_intf_rdev;
> > > +     rpmb_interface_register(&optee->rpmb_intf);
> > >       pr_info("initialized driver\n");
> > >       return 0;
> > >
> > > @@ -1782,6 +1787,8 @@ static int optee_probe(struct platform_device *pdev)
> > >  err_close_ctx:
> > >       teedev_close_context(ctx);
> > >  err_supp_uninit:
> > > +     rpmb_dev_put(optee->rpmb_dev);
> > > +     mutex_destroy(&optee->rpmb_dev_mutex);
> > >       optee_shm_arg_cache_uninit(optee);
> > >       optee_supp_uninit(&optee->supp);
> > >       mutex_destroy(&optee->call_queue.mutex);
> > > --
> > > 2.34.1
> > >
> 

^ permalink raw reply	[flat|nested] 26+ messages in thread

* Re: [PATCH v5 3/3] optee: probe RPMB device using RPMB subsystem
  2024-05-03 14:37       ` Manuel Traut
@ 2024-05-06  8:34         ` Jens Wiklander
  0 siblings, 0 replies; 26+ messages in thread
From: Jens Wiklander @ 2024-05-06  8:34 UTC (permalink / raw)
  To: Manuel Traut
  Cc: linux-kernel, linux-mmc, op-tee, Shyam Saini, Ulf Hansson,
	Linus Walleij, Jerome Forissier, Sumit Garg, Ilias Apalodimas,
	Bart Van Assche, Randy Dunlap, Ard Biesheuvel, Arnd Bergmann,
	Greg Kroah-Hartman

On Fri, May 3, 2024 at 4:37 PM Manuel Traut <manut@mecka.net> wrote:
>
> On Fri, Apr 26, 2024 at 03:40:50PM +0200, Jens Wiklander wrote:
> > On Thu, Apr 25, 2024 at 11:13 AM Manuel Traut <manut@mecka.net> wrote:
> > >
> > > On Mon, Apr 22, 2024 at 11:19:36AM +0200, Jens Wiklander wrote:
> > > > Adds support in the OP-TEE drivers (both SMC and FF-A ABIs) to probe and
> > > > use an RPMB device via the RPMB subsystem instead of passing the RPMB
> > > > frames via tee-supplicant in user space. A fallback mechanism is kept to
> > > > route RPMB frames via tee-supplicant if the RPMB subsystem isn't
> > > > available.
> > > >
> > > > The OP-TEE RPC ABI is extended to support iterating over all RPMB
> > > > devices until one is found with the expected RPMB key already
> > > > programmed.
> > >
> > > I tested this with fTPM running as built-in TA in optee_os.
> > > The first user of the TA is u-boot. u-boot handles the RPMB requests.
> > >
> > > If the tpm-ftpm-tee kernel driver gets probed it triggers also some
> > > RPMB requests. However they are not handled by the new RPMB subsystem.
> > >
> > > > I did some workaround (see below) but I guess this is no good solution.
> > > Need to think longer about this..
> >
> > That's interesting. Again, thanks for testing.
> >
> > >
> > > > Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
> > > > ---
> > > >  drivers/tee/optee/core.c          |  30 ++++
> > > >  drivers/tee/optee/device.c        |   7 +
> > > >  drivers/tee/optee/ffa_abi.c       |   8 ++
> > > >  drivers/tee/optee/optee_private.h |  21 ++-
> > > >  drivers/tee/optee/optee_rpc_cmd.h |  35 +++++
> > > >  drivers/tee/optee/rpc.c           | 232 ++++++++++++++++++++++++++++++
> > > >  drivers/tee/optee/smc_abi.c       |   7 +
> > > >  7 files changed, 339 insertions(+), 1 deletion(-)
> > > >
> > > > diff --git a/drivers/tee/optee/core.c b/drivers/tee/optee/core.c
> > > > index 3aed554bc8d8..082691c10a90 100644
> > > > --- a/drivers/tee/optee/core.c
> > > > +++ b/drivers/tee/optee/core.c
> > > > @@ -11,6 +11,7 @@
> > > >  #include <linux/io.h>
> > > >  #include <linux/mm.h>
> > > >  #include <linux/module.h>
> > > > +#include <linux/rpmb.h>
> > > >  #include <linux/slab.h>
> > > >  #include <linux/string.h>
> > > >  #include <linux/tee_drv.h>
> > > > @@ -80,6 +81,31 @@ void optee_pool_op_free_helper(struct tee_shm_pool *pool, struct tee_shm *shm,
> > > >       shm->pages = NULL;
> > > >  }
> > > >
> > > > +void optee_bus_scan_rpmb(struct work_struct *work)
> > > > +{
> > > > +     struct optee *optee = container_of(work, struct optee,
> > > > +                                        rpmb_scan_bus_work);
> > > > +     int ret;
> > > > +
> > > > +     if (!optee->rpmb_scan_bus_done) {
> > > > +             ret = optee_enumerate_devices(PTA_CMD_GET_DEVICES_RPMB);
> > > > +             optee->rpmb_scan_bus_done = !ret;
> > > > +             if (ret && ret != -ENODEV)
> > > > +                     pr_info("Scanning for RPMB device: ret %d\n", ret);
> > > > +     }
> > > > +}
> > > > +
> > > > +int optee_rpmb_intf_rdev(struct notifier_block *intf, unsigned long action,
> > > > +                      void *data)
> > > > +{
> > > > +     struct optee *optee = container_of(intf, struct optee, rpmb_intf);
> > > > +
> > > > +     if (action == RPMB_NOTIFY_ADD_DEVICE)
> > > > +             schedule_work(&optee->rpmb_scan_bus_work);
> > > > +
> > > > +     return 0;
> > > > +}
> > > > +
> > > >  static void optee_bus_scan(struct work_struct *work)
> > > >  {
> > > >       WARN_ON(optee_enumerate_devices(PTA_CMD_GET_DEVICES_SUPP));
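Review bot: In optee_bus_scan_rpmb() an enumeration failure other than -ENODEV is reported with pr_info(), while get_devices() in device.c reports its invoke failure with pr_err(). A failed RPMB scan leaves rpmb_scan_bus_done false and the dependent devices unregistered, so pr_warn() or pr_err() would match the severity. optee_rpmb_intf_rdev() is a notifier callback and would read better returning NOTIFY_DONE than a bare 0.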
> > > > @@ -161,6 +187,8 @@ void optee_release_supp(struct tee_context *ctx)
> > > >
> > > >  void optee_remove_common(struct optee *optee)
> > > >  {
> > > > +     rpmb_interface_unregister(&optee->rpmb_intf);
> > > > +     cancel_work_sync(&optee->rpmb_scan_bus_work);
> > > >       /* Unregister OP-TEE specific client devices on TEE bus */
> > > >       optee_unregister_devices();
> > > >
> > > > @@ -177,6 +205,8 @@ void optee_remove_common(struct optee *optee)
> > > >       tee_shm_pool_free(optee->pool);
> > > >       optee_supp_uninit(&optee->supp);
> > > >       mutex_destroy(&optee->call_queue.mutex);
> > > > +     rpmb_dev_put(optee->rpmb_dev);
> > > > +     mutex_destroy(&optee->rpmb_dev_mutex);
> > > >  }
> > > >
> > > >  static int smc_abi_rc;
> > > > diff --git a/drivers/tee/optee/device.c b/drivers/tee/optee/device.c
> > > > index 4b1092127694..4274876857c8 100644
> > > > --- a/drivers/tee/optee/device.c
> > > > +++ b/drivers/tee/optee/device.c
> > > > @@ -43,6 +43,13 @@ static int get_devices(struct tee_context *ctx, u32 session,
> > > >       ret = tee_client_invoke_func(ctx, &inv_arg, param);
> > > >       if ((ret < 0) || ((inv_arg.ret != TEEC_SUCCESS) &&
> > > >                         (inv_arg.ret != TEEC_ERROR_SHORT_BUFFER))) {
> > > > +             /*
> > > > +              * TEE_ERROR_STORAGE_NOT_AVAILABLE is returned when getting
> > > > +              * the list of device TAs that depends on RPMB but a usable
> > > > +              * RPMB device isn't found.
> > > > +              */
> > > > +             if (inv_arg.ret == TEE_ERROR_STORAGE_NOT_AVAILABLE)
> > > > +                     return -ENODEV;
> > > >               pr_err("PTA_CMD_GET_DEVICES invoke function err: %x\n",
> > > >                      inv_arg.ret);
> > > >               return -EINVAL;
> > > > diff --git a/drivers/tee/optee/ffa_abi.c b/drivers/tee/optee/ffa_abi.c
> > > > index ecb5eb079408..a8dfdb30b4e8 100644
> > > > --- a/drivers/tee/optee/ffa_abi.c
> > > > +++ b/drivers/tee/optee/ffa_abi.c
> > > > @@ -7,6 +7,7 @@
> > > >
> > > >  #include <linux/arm_ffa.h>
> > > >  #include <linux/errno.h>
> > > > +#include <linux/rpmb.h>
> > > >  #include <linux/scatterlist.h>
> > > >  #include <linux/sched.h>
> > > >  #include <linux/slab.h>
> > > > @@ -934,6 +935,7 @@ static int optee_ffa_probe(struct ffa_device *ffa_dev)
> > > >       optee_cq_init(&optee->call_queue, 0);
> > > >       optee_supp_init(&optee->supp);
> > > >       optee_shm_arg_cache_init(optee, arg_cache_flags);
> > > > +     mutex_init(&optee->rpmb_dev_mutex);
> > > >       ffa_dev_set_drvdata(ffa_dev, optee);
> > > >       ctx = teedev_open(optee->teedev);
> > > >       if (IS_ERR(ctx)) {
> > > > @@ -955,6 +957,9 @@ static int optee_ffa_probe(struct ffa_device *ffa_dev)
> > > >       if (rc)
> > > >               goto err_unregister_devices;
> > > >
> > > > +     INIT_WORK(&optee->rpmb_scan_bus_work, optee_bus_scan_rpmb);
> > > > +     optee->rpmb_intf.notifier_call = optee_rpmb_intf_rdev;
> > > > +     rpmb_interface_register(&optee->rpmb_intf);
> > > >       pr_info("initialized driver\n");
> > > >       return 0;
> > > >
> > > > @@ -968,6 +973,9 @@ static int optee_ffa_probe(struct ffa_device *ffa_dev)
> > > >       teedev_close_context(ctx);
> > > >  err_rhashtable_free:
> > > >       rhashtable_free_and_destroy(&optee->ffa.global_ids, rh_free_fn, NULL);
> > > > +     rpmb_dev_put(optee->rpmb_dev);
> > > > +     mutex_destroy(&optee->rpmb_dev_mutex);
> > > > +     rpmb_interface_unregister(&optee->rpmb_intf);
> > > >       optee_supp_uninit(&optee->supp);
> > > >       mutex_destroy(&optee->call_queue.mutex);
> > > >       mutex_destroy(&optee->ffa.mutex);
> > > > diff --git a/drivers/tee/optee/optee_private.h b/drivers/tee/optee/optee_private.h
> > > > index 7a5243c78b55..ae72f3dda1d2 100644
> > > > --- a/drivers/tee/optee/optee_private.h
> > > > +++ b/drivers/tee/optee/optee_private.h
> > > > @@ -8,6 +8,7 @@
> > > >
> > > >  #include <linux/arm-smccc.h>
> > > >  #include <linux/rhashtable.h>
> > > > +#include <linux/rpmb.h>
> > > >  #include <linux/semaphore.h>
> > > >  #include <linux/tee_drv.h>
> > > >  #include <linux/types.h>
> > > > @@ -20,11 +21,13 @@
> > > >  /* Some Global Platform error codes used in this driver */
> > > >  #define TEEC_SUCCESS                 0x00000000
> > > >  #define TEEC_ERROR_BAD_PARAMETERS    0xFFFF0006
> > > > +#define TEEC_ERROR_ITEM_NOT_FOUND    0xFFFF0008
> > > >  #define TEEC_ERROR_NOT_SUPPORTED     0xFFFF000A
> > > >  #define TEEC_ERROR_COMMUNICATION     0xFFFF000E
> > > >  #define TEEC_ERROR_OUT_OF_MEMORY     0xFFFF000C
> > > >  #define TEEC_ERROR_BUSY                      0xFFFF000D
> > > >  #define TEEC_ERROR_SHORT_BUFFER              0xFFFF0010
> > > > +#define TEE_ERROR_STORAGE_NOT_AVAILABLE 0xF0100003
> > > >
> > > >  #define TEEC_ORIGIN_COMMS            0x00000002
> > > >
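Review bot: TEE_ERROR_STORAGE_NOT_AVAILABLE is added under the "Some Global Platform error codes used in this driver" comment, but its TEE_ prefix and 0xF01... value differ from the TEEC_ERROR_* 0xFFFF00.. entries around it. A one-line comment saying where this code is defined and why it is not a TEEC_ value, or a separate group for it, would keep the difference from being read as a typo.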
> > > > @@ -197,6 +200,12 @@ struct optee_ops {
> > > >   * @notif:           notification synchronization struct
> > > >   * @supp:            supplicant synchronization struct for RPC to supplicant
> > > >   * @pool:            shared memory pool
> > > > + * @mutex:           mutex protecting @rpmb_dev
> > > > + * @rpmb_dev:                current RPMB device or NULL
> > > > + * @rpmb_scan_bus_done       flag if device registation of RPMB dependent devices
> > > > + *                   was already done
> > > > + * @rpmb_scan_bus_work       workq to for an RPMB device and to scan optee bus
> > > > + *                   and register RPMB dependent optee drivers
> > > >   * @rpc_param_count: If > 0 number of RPC parameters to make room for
> > > >   * @scan_bus_done    flag if device registation was already done.
> > > >   * @scan_bus_work    workq to scan optee bus and register optee drivers
> > > > @@ -215,9 +224,15 @@ struct optee {
> > > >       struct optee_notif notif;
> > > >       struct optee_supp supp;
> > > >       struct tee_shm_pool *pool;
> > > > +     /* Protects rpmb_dev pointer */
> > > > +     struct mutex rpmb_dev_mutex;
> > > > +     struct rpmb_dev *rpmb_dev;
> > > > +     struct notifier_block rpmb_intf;
> > > >       unsigned int rpc_param_count;
> > > > -     bool   scan_bus_done;
> > > > +     bool scan_bus_done;
> > > > +     bool rpmb_scan_bus_done;
> > > >       struct work_struct scan_bus_work;
> > > > +     struct work_struct rpmb_scan_bus_work;
> > > >  };
> > > >
> > > >  struct optee_session {
> > > > @@ -280,8 +295,12 @@ int optee_cancel_req(struct tee_context *ctx, u32 cancel_id, u32 session);
> > > >
> > > >  #define PTA_CMD_GET_DEVICES          0x0
> > > >  #define PTA_CMD_GET_DEVICES_SUPP     0x1
> > > > +#define PTA_CMD_GET_DEVICES_RPMB     0x2
> > > >  int optee_enumerate_devices(u32 func);
> > > >  void optee_unregister_devices(void);
> > > > +void optee_bus_scan_rpmb(struct work_struct *work);
> > > > +int optee_rpmb_intf_rdev(struct notifier_block *intf, unsigned long action,
> > > > +                      void *data);
> > > >
> > > >  int optee_pool_op_alloc_helper(struct tee_shm_pool *pool, struct tee_shm *shm,
> > > >                              size_t size, size_t align,
> > > > diff --git a/drivers/tee/optee/optee_rpc_cmd.h b/drivers/tee/optee/optee_rpc_cmd.h
> > > > index f3f06e0994a7..f351a8ac69fc 100644
> > > > --- a/drivers/tee/optee/optee_rpc_cmd.h
> > > > +++ b/drivers/tee/optee/optee_rpc_cmd.h
> > > > @@ -16,6 +16,14 @@
> > > >   * and sends responses.
> > > >   */
> > > >
> > > > +/*
> > > > + * Replay Protected Memory Block access
> > > > + *
> > > > + * [in]     memref[0]            Frames to device
> > > > + * [out]    memref[1]            Frames from device
> > > > + */
> > > > +#define OPTEE_RPC_CMD_RPMB           1
> > > > +
> > > >  /*
> > > >   * Get time
> > > >   *
> > > > @@ -103,4 +111,31 @@
> > > >  /* I2C master control flags */
> > > >  #define OPTEE_RPC_I2C_FLAGS_TEN_BIT  BIT(0)
> > > >
> > > > +/*
> > > > + * Reset RPMB probing
> > > > + *
> > > > + * Releases an eventually already used RPMB devices and starts over searching
> > > > + * for RPMB devices. Returns the kind of shared memory to use in subsequent
> > > > + * OPTEE_RPC_CMD_RPMB_PROBE_NEXT and OPTEE_RPC_CMD_RPMB calls.
> > > > + *
> > > > + * [out]    value[0].a           OPTEE_RPC_SHM_TYPE_*, the parameter for
> > > > + *                       OPTEE_RPC_CMD_SHM_ALLOC
> > > > + */
> > > > +#define OPTEE_RPC_CMD_RPMB_PROBE_RESET       22
> > > > +
> > > > +/*
> > > > + * Probe next RPMB device
> > > > + *
> > > > + * [out]    value[0].a           Type of RPMB device, OPTEE_RPC_RPMB_*
> > > > + * [out]    value[0].b           EXT CSD-slice 168 "RPMB Size"
> > > > + * [out]    value[0].c           EXT CSD-slice 222 "Reliable Write Sector Count"
> > > > + * [out]    memref[1]       Buffer with the raw CID
> > > > + */
> > > > +#define OPTEE_RPC_CMD_RPMB_PROBE_NEXT        23
> > > > +
> > > > +/* Type of RPMB device */
> > > > +#define OPTEE_RPC_RPMB_EMMC          0
> > > > +#define OPTEE_RPC_RPMB_UFS           1
> > > > +#define OPTEE_RPC_RPMB_NVME          2
> > > > +
> > > >  #endif /*__OPTEE_RPC_CMD_H*/
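
Review bot: the OPTEE_RPC_CMD_RPMB_PROBE_NEXT comment documents value[0].b, value[0].c and memref[1] in eMMC terms only (EXT CSD slices 168 and 222, "raw CID"), yet value[0].a can also report OPTEE_RPC_RPMB_UFS or OPTEE_RPC_RPMB_NVME. Please say what these fields carry for the other two device types, or state that they are only defined when the type is OPTEE_RPC_RPMB_EMMC. Minor: "Releases an eventually already used RPMB devices" in the PROBE_RESET comment should read "Releases a possibly already used RPMB device".
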
> > > > diff --git a/drivers/tee/optee/rpc.c b/drivers/tee/optee/rpc.c
> > > > index e69bc6380683..a3e4c1830f39 100644
> > > > --- a/drivers/tee/optee/rpc.c
> > > > +++ b/drivers/tee/optee/rpc.c
> > > > @@ -7,6 +7,7 @@
> > > >
> > > >  #include <linux/delay.h>
> > > >  #include <linux/i2c.h>
> > > > +#include <linux/rpmb.h>
> > > >  #include <linux/slab.h>
> > > >  #include <linux/tee_drv.h>
> > > >  #include "optee_private.h"
> > > > @@ -255,6 +256,228 @@ void optee_rpc_cmd_free_suppl(struct tee_context *ctx, struct tee_shm *shm)
> > > >       optee_supp_thrd_req(ctx, OPTEE_RPC_CMD_SHM_FREE, 1, &param);
> > > >  }
> > > >
> > > > +static void handle_rpc_func_rpmb_probe_reset(struct tee_context *ctx,
> > > > +                                          struct optee *optee,
> > > > +                                          struct optee_msg_arg *arg)
> > > > +{
> > > > +     struct tee_param params[1];
> > > > +
> > > > +     if (!IS_ENABLED(CONFIG_RPMB)) {
> > > > +             handle_rpc_supp_cmd(ctx, optee, arg);
> > > > +             return;
> > > > +     }
> > > > +
> > > > +     if (arg->num_params != ARRAY_SIZE(params) ||
> > > > +         optee->ops->from_msg_param(optee, params, arg->num_params,
> > > > +                                    arg->params) ||
> > > > +         params[0].attr != TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_OUTPUT) {
> > > > +             arg->ret = TEEC_ERROR_BAD_PARAMETERS;
> > > > +             return;
> > > > +     }
> > > > +
> > > > +     params[0].u.value.a = OPTEE_RPC_SHM_TYPE_KERNEL;
> > > > +     params[0].u.value.b = 0;
> > > > +     params[0].u.value.c = 0;
> > > > +     if (optee->ops->to_msg_param(optee, arg->params,
> > > > +                                  arg->num_params, params)) {
> > > > +             arg->ret = TEEC_ERROR_BAD_PARAMETERS;
> > > > +             return;
> > > > +     }
> > > > +
> > > > +     mutex_lock(&optee->rpmb_dev_mutex);
> > > > +     rpmb_dev_put(optee->rpmb_dev);
> > > > +     optee->rpmb_dev = NULL;
> > > > +     mutex_unlock(&optee->rpmb_dev_mutex);
> > > > +
> > > > +     arg->ret = TEEC_SUCCESS;
> > > > +}
> > > > +
> > > > +static int rpmb_type_to_rpc_type(enum rpmb_type rtype)
> > > > +{
> > > > +     switch (rtype) {
> > > > +     case RPMB_TYPE_EMMC:
> > > > +             return OPTEE_RPC_RPMB_EMMC;
> > > > +     case RPMB_TYPE_UFS:
> > > > +             return OPTEE_RPC_RPMB_UFS;
> > > > +     case RPMB_TYPE_NVME:
> > > > +             return OPTEE_RPC_RPMB_NVME;
> > > > +     default:
> > > > +             return -1;
> > > > +     }
> > > > +}
> > > > +
> > > > +static int rpc_rpmb_match(struct rpmb_dev *rdev, const void *data)
> > > > +{
> > > > +     return rpmb_type_to_rpc_type(rdev->descr.type) >= 0;
> > > > +}
> > > > +
> > > > +static void handle_rpc_func_rpmb_probe_next(struct tee_context *ctx,
> > > > +                                         struct optee *optee,
> > > > +                                         struct optee_msg_arg *arg)
> > > > +{
> > > > +     struct rpmb_dev *rdev;
> > > > +     struct tee_param params[2];
> > > > +     void *buf;
> > > > +
> > > > +     if (!IS_REACHABLE(CONFIG_RPMB)) {
> > > > +             handle_rpc_supp_cmd(ctx, optee, arg);
> > > > +             return;
> > > > +     }
> > > > +
> > > > +     if (arg->num_params != ARRAY_SIZE(params) ||
> > > > +         optee->ops->from_msg_param(optee, params, arg->num_params,
> > > > +                                    arg->params) ||
> > > > +         params[0].attr != TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_OUTPUT ||
> > > > +         params[1].attr != TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT) {
> > > > +             arg->ret = TEEC_ERROR_BAD_PARAMETERS;
> > > > +             return;
> > > > +     }
> > > > +     buf = tee_shm_get_va(params[1].u.memref.shm,
> > > > +                          params[1].u.memref.shm_offs);
> > > > +     if (!buf) {
> > > > +             arg->ret = TEEC_ERROR_BAD_PARAMETERS;
> > > > +             return;
> > > > +     }
> > > > +
> > > > +     mutex_lock(&optee->rpmb_dev_mutex);
> > > > +     rdev = rpmb_dev_find_device(NULL, optee->rpmb_dev, rpc_rpmb_match);
> > > > +     rpmb_dev_put(optee->rpmb_dev);
> > > > +     optee->rpmb_dev = rdev;
> > > > +     mutex_unlock(&optee->rpmb_dev_mutex);
> > > > +
> > > > +     if (!rdev) {
> > > > +             arg->ret = TEEC_ERROR_ITEM_NOT_FOUND;
> > > > +             return;
> > > > +     }
> > > > +
> > > > +     if (params[1].u.memref.size < rdev->descr.dev_id_len) {
> > > > +             arg->ret = TEEC_ERROR_SHORT_BUFFER;
> > > > +             return;
> > > > +     }
> > > > +     memcpy(buf, rdev->descr.dev_id, rdev->descr.dev_id_len);
> > > > +     params[1].u.memref.size = rdev->descr.dev_id_len;
> > > > +     params[0].u.value.a = rpmb_type_to_rpc_type(rdev->descr.type);
> > > > +     params[0].u.value.b = rdev->descr.capacity;
> > > > +     params[0].u.value.c = rdev->descr.reliable_wr_count;
> > > > +     if (optee->ops->to_msg_param(optee, arg->params,
> > > > +                                  arg->num_params, params)) {
> > > > +             arg->ret = TEEC_ERROR_BAD_PARAMETERS;
> > > > +             return;
> > > > +     }
> > > > +
> > > > +     arg->ret = TEEC_SUCCESS;
> > > > +}
> > > > +
> > > > +/* Request */
> > > > +struct rpmb_req {
> > > > +     u16 cmd;
> > > > +#define RPMB_CMD_DATA_REQ      0x00
> > > > +#define RPMB_CMD_GET_DEV_INFO  0x01
> > > > +     u16 dev_id;
> > > > +     u16 block_count;
> > > > +     /* Optional data frames (rpmb_data_frame) follow */
> > > > +};
> > > > +
> > > > +#define RPMB_REQ_DATA(req) ((void *)((struct rpmb_req *)(req) + 1))
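
Review bot: handle_rpc_func_rpmb_probe_reset() guards on IS_ENABLED(CONFIG_RPMB) while handle_rpc_func_rpmb_probe_next() guards on IS_REACHABLE(CONFIG_RPMB). IS_ENABLED() is also true when RPMB is built as a module and this code is built in, so the two handlers can disagree about whether to fall back to handle_rpc_supp_cmd(); use IS_REACHABLE() in both unless Kconfig rules that combination out. Also in probe_next, rdev->descr is read after mutex_unlock() although the only reference visible here is the one stored in optee->rpmb_dev, which probe_reset drops with rpmb_dev_put(); can the two RPCs run concurrently, and if so should the copy into buf happen under the mutex?
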
>
> This is the root cause for the non page aligned buffer we discussed in
>
> v5 2/3 mmc: block: register RPMB partition with the RPMB subsystem

Thanks for tracking this down. I'll fix it in the v6.

Cheers,
Jens


* Re: [PATCH v5 2/3] mmc: block: register RPMB partition with the RPMB subsystem
  2024-04-29 19:36           ` Avri Altman
@ 2024-05-07  9:21             ` Jens Wiklander
  0 siblings, 0 replies; 26+ messages in thread
From: Jens Wiklander @ 2024-05-07  9:21 UTC (permalink / raw)
  To: Avri Altman
  Cc: Manuel Traut, linux-kernel, linux-mmc, op-tee, Shyam Saini,
	Ulf Hansson, Linus Walleij, Jerome Forissier, Sumit Garg,
	Ilias Apalodimas, Bart Van Assche, Randy Dunlap, Ard Biesheuvel,
	Arnd Bergmann, Greg Kroah-Hartman, Tomas Winkler,
	Alexander Usyskin

On Mon, Apr 29, 2024 at 9:36 PM Avri Altman <Avri.Altman@wdc.com> wrote:
>
> > > > >
> > > > > Is it possible that idata->buf is not DMA capable? Any other ideas?
> > > >
> > > > Thanks for testing. I don't know, the idata->buf is allocated using
> > > > alloc_pages_exact(nr_pages * PAGE_SIZE, GFP_KERNEL | __GFP_ZERO); in
> > > > optee_pool_op_alloc_helper().
> > >
> > > Is this really true for idata->buf or isn't the complete RPMB frame
> > > memory allocated like this and therefore idata->buf not page aligned?
> >
> > You're right.
> Maybe add an assert of PAGE_ALIGNED(idata->buf)?

That might be a bit much. It turned out that there was a 2-byte
alignment causing the trouble. I don't know exactly what's needed, but
the amount used by kmalloc() by default is good.

Cheers,
Jens

>
> Thanks,
> Avri
>
> >
> > >
> > > For RPMB via tee-supplicant the idata->buf is allocated within
> > > memdup_user and therefore page aligned.
> >
> > Yes, that's a difference. Have you tested with page-aligned buffers to see if it
> > helps?
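
The alignment effect discussed in the two messages above, as an added user-space example that is not part of the posted patch: a 6-byte struct rpmb_req in front of the frames leaves RPMB_REQ_DATA() only 2-byte aligned even when the shared buffer itself is page aligned. The 4096-byte page, the 512-byte frame size, the static array standing in for the shared memory and the frames_bounce() helper (malloc() standing in for kmalloc()) are assumptions for illustration, not the fix chosen for v6.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Header layout from the quoted hunk, with user-space fixed-width types. */
struct rpmb_req {
	uint16_t cmd;
	uint16_t dev_id;
	uint16_t block_count;
	/* Optional data frames follow */
};
#define RPMB_REQ_DATA(req) ((void *)((struct rpmb_req *)(req) + 1))

#define SHM_PAGE_SIZE   4096u /* assumed page size */
#define RPMB_FRAME_SIZE 512u  /* assumed size of one data frame */

/* Stand-in for the page-aligned shared memory holding header plus frames. */
static unsigned char shm[SHM_PAGE_SIZE] __attribute__((aligned(SHM_PAGE_SIZE)));

/* Largest power of two, capped at cap, that divides the address of p. */
static size_t ptr_alignment(const void *p, size_t cap)
{
	uintptr_t addr = (uintptr_t)p;
	size_t align = 1;

	while (align < cap && (addr & align) == 0)
		align <<= 1;
	return align;
}

/* Alignment of the frame area that RPMB_REQ_DATA() derives from shm. */
static size_t frames_alignment_in_shm(void)
{
	return ptr_alignment(RPMB_REQ_DATA(shm), SHM_PAGE_SIZE);
}

/* Hypothetical helper: copy nframes frames into a separate allocation, so the
 * copy gets the allocator's default alignment, not the header's 6-byte offset. */
static void *frames_bounce(void *req, size_t nframes)
{
	size_t len = nframes * RPMB_FRAME_SIZE;
	void *buf = malloc(len);

	if (buf)
		memcpy(buf, RPMB_REQ_DATA(req), len);
	return buf;
}
```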
